I don't get the `SCIM doesn’t really have anything to do with data retention.`; if SCIM store data to sync between diff. integration / backend / ERPs / tools it is possibly impacted by data protection law like GDPR and co.
I often meet people who think their customer asking for SCIM provisioning means that their customer is identically asking for some newfangled data retention policy. All I meant to emphasize was that SCIM is just a provisioning / update protocol.
Indeed, you are right -- we see customers careful about the data retention policies applicable to SCIM data -- but that's because they'll have reasons to be broadly concerned with data retention matters. Hence my writing "this is usually a separate conversation you might need to have with your customer."