Portal: set up SCIM 2.0 with bearer-token authentication