User-Managed Access 2.0 (UMA)

By default, CUE User Manager assumes the the SCIM web resources are UMA protected :

provider:
  umaProtectedSCIM: yes

When enabled, CUE User Manager will perform the UMA authorization flow before making the actual SCIM HTTP request.

It's up to the IAM provider to validate that the access token is valid.

If the SCIM endpoint is not UMA protected, you must set this to false. The SCIM endpoint will then receive requests from with CUE User Manager with Authorization headers like:

 Authorization: Bearer <access-token>

Again, it's up to the IAM system to validate that the access token is valid before allowing the client to perform the requested SCIM operation.