...
As we are in a highly heterogeneous distributed system, enrollment events might be pushed to certain resources to provision an account, a profile, etc. But if we need to provision, we also need to deprovision. Many can deal with provisioning on the fly, but I have not heard of the reverse yet. So do we have something? How do we tell that a new person or group has been added? How do we tell that a person or a group has been removed? The most scalable and agnostic structure could be an event hub to which SPs and resources can subscribe, which means a tool and an API.
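A sketch of the event hub idea above, as an added example that is not part of the original text: a hub keeps an ordered log of added/removed events, and a subscribing SP replays what it missed so that a removal published while it was offline still deprovisions the account. All class names, event kinds and subject identifiers are hypothetical, and the hub is an in-process stand-in for a real service.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    seq: int      # hub-assigned, strictly increasing
    kind: str     # "added" or "removed"
    subject: str  # constructed ids such as "person:alice", "group:staff"

class EventHub:
    """In-process stand-in for the hub: ordered log plus fan-out to subscribers."""
    def __init__(self):
        self.log, self.subscribers = [], []

    def subscribe(self, callback, since=0):
        # Replay what the subscriber missed, in order, before live delivery.
        for ev in self.log:
            if ev.seq > since:
                callback(ev)
        self.subscribers.append(callback)

    def publish(self, kind, subject):
        ev = Event(len(self.log) + 1, kind, subject)
        self.log.append(ev)
        for callback in self.subscribers:
            callback(ev)
        return ev

class ServiceProvider:
    """Hypothetical SP keeping local accounts/groups in step with the hub."""
    def __init__(self, provisioned=(), last_seq=0):
        self.provisioned, self.last_seq = set(provisioned), last_seq

    def on_event(self, ev):
        if ev.seq <= self.last_seq:      # duplicate or stale delivery
            return
        self.last_seq = ev.seq
        if ev.kind == "added":
            self.provisioned.add(ev.subject)
        elif ev.kind == "removed":
            self.provisioned.discard(ev.subject)  # idempotent deprovision

def demo():
    hub = EventHub()
    online = ServiceProvider()
    hub.subscribe(online.on_event)
    hub.publish("added", "person:alice")
    hub.publish("added", "group:staff")
    hub.publish("removed", "person:alice")
    # Constructed case: this SP saw events 1-2, then missed the removal.
    offline = ServiceProvider({"person:alice", "group:staff"}, last_seq=2)
    hub.subscribe(offline.on_event, since=offline.last_seq)
    return online.provisioned, offline.provisioned
```

The sequence check in `on_event` is what keeps a late or repeated "added" delivery from re-creating an account that a later "removed" event already deprovisioned.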