Connect to a SCIM connector

Create a SCIM connector if your on-premises application does not support SCIM natively. A SCIM connector acts as a SCIM server and an intermediary between Okta and the on-premises application. The SCIM connector can be built using the Okta Provisioning Connector SDK or any custom external application or connector that can process SCIM messages. Your SCIM connector should be installed on a web server that is accessible to your Okta Provisioning Agent.

You can test your deployment using one of the example connectors that are included with the Okta Provisioning Connector SDK. See Create and test SCIM connectors.

After building and installing your connector, use this procedure to configure your Okta app integration to communicate with your SCIM connector.

  1. In the Admin Console, go to ApplicationsApplications.
  2. Enter the name of your on-premises app integration in the Search field.
  3. Click the name of the app integration and click the Provisioning tab. Your system should detect the presence of the Okta Provisioning Agent and instruct you to configure the SCIM connector.
  4. Click Configure SCIM Connector.
  5. Complete the following fields:

    • SCIM connector base URL Enter the URL of the SCIM connector to which the Okta Provisioning Agent forwards SCIM data.

    • Authorization type — Select Basic Auth (username and password), HTTP Header (HTTP header name and value), or None.

    • Basic Auth credentials — When Basic Auth is selected, enter the username and password of the web server that is hosting the SCIM connector.

    • HTTP header name and value — When HTTP Header is selected, enter the HTTP header name and header value.

    • Unique user field name — The SCIM property name of the Okta user who can be used to uniquely identify a user on the on-premises system (userName).

    • Accept user updates — Select this check box to update a user's application profile using data returned by the connector or SCIM server directly.

    • Timeout for API calls — Select the duration for a provisioning call to timeout when the SCIM endpoint does not respond.

    • Connect to the these agents — Select the Okta Provisioning Agents with which you want to connect to.

  6. Click Test Connector Configuration.
  7. If the test passes, click Save to save your settings. If the test fails, change your settings and try again.

    8. Note: If your SCIM connector has not implemented the UserManagementCapabilities method, Okta assumes all provisioning functions have been implemented. If you have implemented your own SCIM endpoint without using the Okta Provisioning Connector SDK, it is assumed that your SCIM connector or endpoint has implemented all provisioning functions. For the complete list of provisioning functions, refer to Create SCIM connectors for on-premises provisioning using SDK.

Your on-premises system is now connected to Okta, and you can provision users and perform provisioning tasks. If you disable provisioning, the provisioning features will also be disabled, but you can re-enable it any time.

Next steps

Configure the API call timeout period