Strategy on implementing SCIM v2 Service

So I was looking at implementing a SCIM v2 service to allow clients to maintain their users in an existing database. Currently we have an internal service that handles all of our user authentication/maintenance. I have done some reading on SCIM and have a decent understanding of the use cases behind it but I am trying to think of the best way to implement this in our system.

The two SCIM operations I want to support to start with are Getting a List of Users and Deleting a User. The approach I was thinking was:

  • Create a SCIM service that supports user operations for Deleting/Getting.
  • Expose the endpoints publicly and secure them using JWT authentication or something similar.
  • Have a table that maps the SCIM resource ID to the internal UserID that is accessible via the SCIM service.
  • If a request comes in to delete a user, the SCIM Resource ID is searched for in the mapping table and the Internal User ID is returned.
  • The SCIM service uses that internal user ID to call our existing authentication service to delete the user.

So I have a few questions about my approach.

  1. Should I write this from scratch or use an existing SCIM implementation and override the default behaviour of the resource controllers? I was looking at this open source implementation here: https://github.com/simpleidserver/SimpleIdServer

  2. This will be multi-tenanted. Should the URL for, say, getting a list of users contain the tenant, like this: GET /scim/v2/{tenant}/Users/, or should the URL look like GET /scim/v2/Users/ and contain the tenant information in the JWT token?

  3. Is my approach correct or am I thinking about this all wrong?

Really appreciate any help on this as I am having a hard time finding best practice on the implementation.

Cheers, Dave.
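The delete and list flow the question sketches, as an added example that is not from the question or from SimpleIdServer. It assumes the JWT has already been verified and its tenant claim extracted; the mapping table is keyed by (tenant, SCIM id), so a caller can only reach users of the tenant its token names, whichever URL style is chosen. All names and sample data are constructed for illustration.

```python
from dataclasses import dataclass, field

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
USER = "urn:ietf:params:scim:schemas:core:2.0:User"


def scim_error(status, detail):
    # SCIM error body (RFC 7644, section 3.12); "status" is a string in the body
    return status, {"schemas": [ERROR], "status": str(status), "detail": detail}


@dataclass
class ScimService:
    # (tenant, scim_id) -> internal user id; stands in for the mapping table
    mapping: dict = field(default_factory=dict)
    # stands in for the existing internal auth service: internal id -> userName
    internal_users: dict = field(default_factory=dict)

    def _tenant(self, token_tenant, path_tenant=None):
        # the tenant claim of the verified JWT is authoritative; a tenant in the
        # path (GET /scim/v2/{tenant}/Users) is accepted only if it agrees with it
        if path_tenant is not None and path_tenant != token_tenant:
            return None
        return token_tenant

    def list_users(self, token_tenant, path_tenant=None):
        tenant = self._tenant(token_tenant, path_tenant)
        if tenant is None:
            return scim_error(403, "tenant in path does not match token")
        resources = [{"schemas": [USER], "id": sid, "userName": self.internal_users[uid]}
                     for (t, sid), uid in sorted(self.mapping.items()) if t == tenant]
        return 200, {"schemas": [LIST_RESPONSE], "totalResults": len(resources),
                     "startIndex": 1, "itemsPerPage": len(resources),
                     "Resources": resources}

    def delete_user(self, token_tenant, scim_id, path_tenant=None):
        tenant = self._tenant(token_tenant, path_tenant)
        if tenant is None:
            return scim_error(403, "tenant in path does not match token")
        # keyed by tenant: a SCIM id that exists under another tenant is "not found"
        internal_id = self.mapping.pop((tenant, scim_id), None)
        if internal_id is None:
            return scim_error(404, f"Resource {scim_id} not found")
        self.internal_users.pop(internal_id)  # call into the existing service here
        return 204, None


def sample_service():
    # constructed sample data: two tenants that happen to reuse the SCIM id "u-1"
    svc = ScimService()
    svc.internal_users = {101: "alice@acme.example", 102: "bob@acme.example",
                          201: "carol@globex.example"}
    svc.mapping = {("acme", "u-1"): 101, ("acme", "u-2"): 102, ("globex", "u-1"): 201}
    return svc
```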

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow