So I'm tasked with creating a single sign on link using documentation from the third party we are logging into. So far so good.

Well they don't support some of the fields our users will need--that we don't want to support (otherwise why use a third-party?).

Their solution is to make us the system of record so that when a user goes through the single sign on we pass this info as well. But it needs to be editable on their side well--because they won't give us an API for our system of record to update their side.

That's right only a user signing on from our system will update their side. Tough luck admins on our side. You get double duty due to the poor business decision to work with a company with lazy devs.