Create a SCIM connector if your on-premises application does not support SCIM natively. A SCIM connector acts as a SCIM server and an intermediary between Okta and the on-premises application. The SCIM connector can be built using the Okta Provisioning Connector SDK or any custom app or connector that can process SCIM messages. Typically you should install your SCIM connector on a web server that is accessible to your provisioning agent.
You can test your deployment using one of the example connectors that are packaged with the Okta Provisioning Connector SDK. For more information, see Create SCIM connectors for on-premises provisioning. After you have built and installed your connector, configure your app instance on Okta to communicate with your SCIM connector.
- In the Admin Console, go to Applications > Applications.
- Enter the name of your on-premises app in the Search field.
- Click the application name and click the Provisioning tab. Your system should detect the presence of the provisioning agent and instruct you to configure the SCIM connector.
- Click Configure SCIM Connector.
- Complete the following fields:
- SCIM connector base URL: Enter the URL of the SCIM connector to which the provisioning agent forwards SCIM data.
- Authorization type: Select Basic Auth (username and password), HTTP Header (HTTP header name and value), or None.
- Basic Auth credentials: When Basic Auth is selected, enter the username and password of the web server that is hosting the SCIM connector.
- HTTP header name and value: When HTTP Header is selected, enter the HTTP header name and header value.
- Unique user field name: The SCIM property name of the Okta user who can be used to uniquely identify a user on the on-premises system (userName).
- Accept user updates: Select this check box to update a user's app profile using data returned by the connector or SCIM server directly.
- Timeout for API calls: Select the duration for a provisioning call to timeout when the SCIM endpoint does not respond.
- Connect to the these agents: Select the provisioning agents with which you want to connect.
- Click Test Connector Configuration.
- If the test passes, click Save to save your settings. If the test fails, change your settings and try again.
Note: If your SCIM connector has not implemented the UserManagementCapabilities method, Okta assumes all provisioning functions have been implemented. If you have implemented your own SCIM endpoint without using the Okta Provisioning Connector SDK, it is assumed that your SCIM connector or endpoint has implemented all provisioning functions. For the complete list of provisioning functions, refer to Create SCIM connectors for on-premises provisioning using SDK.
Your on-premises system is now connected to Okta, and you can provision users and perform provisioning tasks. If you disable provisioning, the provisioning features will also be disabled, but you can re-enable it any time.