There's the RFC way and then there's the real way.

IMO, many folks want SCIM with to support only two providers: Azure AD/Entra and Okta.

I guess there's a third: a homegrown system an enterprise has that "supports SCIM". That one is always going to be weird.

So in reality those two vendors get to determine acceptable behavior for SCIM servers (the data stores that push data into SCIM clients like Tesseral).

Completely disagree. I work in the field and in my experience people use lots of SCIM servers, many of which home-grown since it’s not that hard to implement only the bits of the specs you need. And interoperability is quite good, better than with OAuth. The two vendors you mentioned are almost never mentioned by our customers in relation to SCIM.

You're right. Section 10.4 does make that more clear as well for the default schemas.