Docs for SCIM mappings (#8463)
* Docs for SCIM mappings

* Docs for SCIM mappings

* Docs for SCIM mappings
nadavsteindler authored Jan 6, 2025
1 parent ffc08e4 commit e60ec42
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions docs/howto/scim.md
Expand Up @@ -78,6 +78,22 @@ In the Entra ID admin dashboard, go to **Enterprise Applications** and choose th
3. In **Secret Token** paste the token you copied in the previous step. If you haven't created a token yet, you may do so now
4. Click **Test Connection**
5. If the test fails, please ensure you've entered the correct SCIM endpoint URL from lakeFS Cloud and copied the token correctly. Otherwise, click "Save" at the top of the settings panel
6. Configure provisioning attribute mappings(this determines which attributes are sent to the lakeFS SCIM endpoint)

## Required Attributes
The LakeFS SCIM implementation has a number of attributes that it expects to see in requests. Missing, incorrect, or extraneous attributes will generally result in a 400 error code.

### User Resource Attributes
* username: Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.
* externalId: A String that is an identifier for the resource as defined by the provisioning client. REQUIRED.
* emails: Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., '[email protected]' instead of '[email protected]'. Canonical type values of 'work', 'home', and 'other'. One should be marked as primary. REQUIRED.
* active: A Boolean value indicating the User's administrative status.

### Group Resource Attributes
* displayName: A human-readable name for the Group. REQUIRED.
* externalId: A String that is an identifier for the resource as defined by the provisioning client. REQUIRED.
* members: A list of members of the Group.


{: .note}
> **Note:** lakeFS Cloud is designed to work with the default attribute mapping for users and groups provided by Entra ID.
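Review bot: In the User Resource Attributes list the first bullet is labelled `username`, but its own description says "Each User MUST include a non-empty userName value"; label it `userName` so the name a reader copies into a mapping matches the one the description requires, which matters because this section says incorrect attributes generally result in a 400. Under a heading titled "Required Attributes", `active` and `members` are the only entries without a REQUIRED marker, so say explicitly that they are optional or rename the heading. The intro sentence writes "LakeFS" where step 6 and the note write "lakeFS", and step 6 is missing a space before the parenthesis in "mappings(this". The section warns that extraneous attributes are rejected while the note that follows says lakeFS Cloud is designed to work with the default Entra ID mapping; consider stating in step 6 whether the default mapping already satisfies this list, so readers know when they need to change anything.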