SAML allows you to send additional attributes with the identity payload, like group memberships. This is not inherently authorisation, but can be used to automatically map users to teams/groups/roles in your application.

SAML is a very complicated standard, and very painful to implement. OIDC is much simpler, but lacks some of the capabilities.

Both can automatically create users on login, that is application implementation detail. Both also need SCIM or something similar to offboard users