You must authenticate all System for Cross-domain Identity Management (SCIM) requests using OAuth 2.0 bearer token authentication.
Bearer tokens are evaluated using access token validators. The
HttpRequest.AccessToken attribute supplies the validation result to the
policy request, and the
TokenOwner attribute provides the user identity
associated with the token. Policies use this authentication information to affect the
processing of requests and responses.