Customer has DataPower API gateway. So, they want to understand if SCIM API can be restricted to access via DataPower API gateway and not any other way.
The SCIM APIs are all built into the core of IIQ - I don’t think there’s a built-in way to disable them or otherwise alter their existing functionality. I do know that access to the various APIs and API methods are controlled via SPRights (and corresponding capabilities), and require some form of authentication (HTTP Basic or OAuth).
You probably will need to work with your networking team on a method to route all IIQ traffic through a proxy or other system capable of seeing the full request URL. If that network system detects a URL request for [IIQ-base-URL]/scim/*, redirect that request through your API gateway.