diff --git a/SCOPE.md b/SCOPE.md
index 725a174..3d68467 100644
--- a/SCOPE.md
+++ b/SCOPE.md
@@ -86,6 +86,31 @@ NetKingdom is a self-optimizing security platform for Kubernetes-based IT infras
 
 ---
 
+## Provided Capabilities
+
+```capability
+type: security
+title: NetKingdom IAM Profile specification
+description: Versioned OIDC/PKCE contract that all NetKingdom applications target — defines discovery, authorization, token, JWKS, and userinfo endpoints plus claim normalization.
+keywords: [iam, oidc, pkce, profile, specification, identity, authentication]
+```
+
+```capability
+type: security
+title: SSO/MFA platform (Keycloak)
+description: Enterprise-grade Keycloak-based SSO with LDAP/Entra federation, MFA, and full OIDC/PKCE support for production deployments.
+keywords: [sso, mfa, keycloak, ldap, entra, federation, oidc, enterprise]
+```
+
+```capability
+type: security
+title: Bootstrap local identity service
+description: Minimal file-based OIDC server for environments where the full cluster is not yet available — covers dev, test, and sandbox bootstrapping scenarios.
+keywords: [bootstrap, local-identity, oidc, minimal, dev, sandbox]
+```
+
+---
+
 ## Getting Oriented
 
 - Start with: `wiki/` (specifications and decisions), `DECISIONS.md` (key architectural choices D1–D5)