Hi @Kevin Frey ,
I understand that you are looking for an ETA for when Azure AD will support OIDC non-gallery apps with SSO and SCIM provisioning. Right now there are some technical limitations preventing this capability due to the way the SCIM connector works. The product team aims to support this in the future but does not have an ETA for this capability yet.
As you mentioned, the workaround right now is to use two non-gallery apps, one for OIDC SSO and one for SCIM provisioning.
If you would like to make a request this for this feature, you can create one in the Microsoft Ideas forum: https://feedback.azure.com/
If you create a feature request there I will bubble it up with the product team. You can also check for updates on the Release Notes page for Azure AD.
Thanks,
Marilee