Both SCIM and SAML groups are useful for automatically managing several users into content access teams that fluctuate in an organization. If your organization supports SCIM, we highly recommend that you use SCIM groups instead of SAML groups for these key reasons: real time user updates and automatic group creation.
By using SCIM, you can allow your identity provider (iDP) to use our Named User Service (NUS) API to create and manage groups securely with token authentication. When you assign a group from your iDP to uStudio, the group will be automatically be created on our end and include those designated users. As time goes on, the iDP will keep track of users' membership in real-time. For example, when someone leaves your organization or gets deactivated in your iDP, you will see that reflected in uStudio's Content Management Console (CMC) or as you query the NUS API. The deactivated user will no longer have access to your uStudio content because their token is invalidated.
Whereas SAML allows your iDP to assign security groups, but you must create the uStudio group and membership is granted at login. SAML groups rely on assertions that describe the user's identity and group membership. These assertions are passed to uStudio during the login process that is initiated by the user or re-authentication prompt every 30 days (default) as their token expires. Because of this, we don't get real-time updates on users access nor we'll ever see them deactivated from the iDP since you cannot login at that state.
This is why SAML groups are not preferred over SCIM groups. If possible, use SCIM groups to gain the benefits of real time user updates and automatic group creation. It'll save you the headache of figuring out why a user is not seeing a particular show even though they can login.