I think something needs to be added to the main post for clarity...
Where it says this:
Synchronizing SSO records
You can use the POST admin endpoint /admin/users/sync_sso to synchronize an SSO record, pass it the same record you would pass to the SSO endpoint, nonce does not matter.
I think it should also include:
If you call
admin/users/sync_sso from another site, you will need to include a valid admin
api_key and a valid
api_username as url parameters