Investigate using SCIM for provisioning members in SSO-enabled groups

We'd like to use SCIM to provision and deprovision members automatically in https://gitlab.com/gitlab-org/gitlab-ee/issues/5014, but we should first do an investigation into implementation steps first.

Which IdPs support SCIM?
When a user is added/removed from the IdP, what steps does the IdP take?
How does the IdP interact with GitLab.com? If there are required endpoints, what are they and which attributes do they expect?
How does configuration work?