LDAP is oftentimes used to provision enterprise users. It acts as a centralized user store. It is easy to integrate with SaaS using the SCIM API.
But is it a good idea to use LDAP for external users if we want to implement a single data store for authentication, for the purposes of Single Sign-On and easy user provisioning in multiple websites, but offered by the same organization?
All the descriptions of LDAP and SCIM suggest use cases for SaaS integration to an internal user database or multiple intranet applications.
If not, what would be the standards based way to do that? What will be the challenges?
LDAP is a good candidate for storing Identity Information for any type of user or device. It is faster than most relational databases, and modern LDAP server implementations can scale to very large capacities.
For Single Sign-On purposes, LDAP offers no help. SAML or OpenID Connect would be the "Current Best Practices" for SSO.
SCIM 2.0 would be excellent to use to perform CRUD operations against LDAP as an Identity Information store.
Challenges from a generic request are beyond the scope of Stack Overflow.
One of the great things about OpenID Connect is that it abstracts the authentication, and SCIM then also abstracts the CRUD operations, so the back-end does not matter.
Asking specific questions will obtain the best results.
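
An added example, not part of the answer above: a sketch of how a SCIM 2.0 create request could be translated into an LDAP `inetOrgPerson` add, with the self-chosen `userName` of an external user escaped per RFC 4514 before it goes into the DN. The base DN, the attribute mapping and the sample user are assumptions made for illustration.

```python
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
BASE_DN = "ou=external,dc=example,dc=org"  # hypothetical branch for external users

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)

def scim_user_to_ldap(resource, base_dn=BASE_DN):
    """Translate a SCIM create (POST /Users) body into (dn, attributes)."""
    if SCIM_USER_SCHEMA not in resource.get("schemas", []):
        raise ValueError("not a SCIM 2.0 core User resource")
    user_name = resource.get("userName")
    if not user_name:
        raise ValueError("userName is required by the SCIM core schema")
    name = resource.get("name", {})
    emails = resource.get("emails", [])
    # Prefer the address flagged primary, else the first one listed.
    primary = next((e for e in emails if e.get("primary")), emails[0] if emails else None)
    sn = name.get("familyName") or user_name  # sn and cn are mandatory in LDAP
    attrs = {
        "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
        "uid": [user_name],
        "sn": [sn],
        "cn": [name.get("formatted") or " ".join(filter(None, [name.get("givenName"), sn]))],
    }
    if name.get("givenName"):
        attrs["givenName"] = [name["givenName"]]
    if primary and primary.get("value"):
        attrs["mail"] = [primary["value"]]
    # Only the DN needs escaping; attribute values are sent as-is by LDAP clients.
    return "uid=%s,%s" % (escape_rdn_value(user_name), base_dn), attrs

SAMPLE = {  # constructed input; the userName contains a comma, a DN separator
    "schemas": [SCIM_USER_SCHEMA],
    "userName": "doe,jane",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "jane.doe@example.com", "primary": True}],
}
```

The returned pair can be handed to whichever LDAP client library the SCIM service uses for its add operation.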