For the enterprise context where this gem is probably often used I think it's essential to have some auditable log of provisioning requests.

How about a configurable (default empty) logger that, if set, is called with the Request object every SCIM API call?

Something like config.audit_logger = Logger.new and a before_action calling audit_logger's info with the controller's request object.