Enterprise-Ready Workshop: SCIM

Hello SaaS developers! You sell your software to technologically mature enterprises, and they expect it to interface seamlessly with all their other tools. In our Enterprise-Ready Workshop on OpenID Connect, you learned how to solve part of this problem, by creating user accounts in your application for your customers’ employees whenever they log in.

This is a companion discussion topic for the original entry at https://developer.okta.com/blog/2023/07/28/scim-workshop

Hello there, The issue mentioned at 19:25 in the workshop video is occurring even after adding the bodyParser code in main.ts. I’m on npm 20. Wondering if it has anything to do with the “unable to load tsconfig-paths”? As of today there are no open issues on Github related to this

@alisaduncan appreciate if you can help here as well :slightly_smiling_face:

Hi there @tech-binder !

Thanks for the nudge and for working through the workshop! I haven’t tried this on Node 20, but my guess is it’s not a Node version (I could be mistaken though). Let’s see if we can figure this out together. :slight_smile:

Double checks never hurt, so why don’t we start by clearing out dependencies, re-installing the dependencies, and resetting the tooling. Please run the following commands to do so

rm -rf node_modules
npm ci
npx nx reset

Does that resolve the error you’re seeing with the content-type parsing?

If not, the next step is verifying the completed project runs on your machine. Please try cloning the project to a new location on your machine, then checkout the completed branch for the SCIM workshop to run it locally and ensure it works:

git clone git@github.com:oktadev/okta-enterprise-ready-workshops.git
git checkout scim-workshop-complete
npm ci
npm run init-db
npm start

Let us know what you see! If you’re still running into trouble, I’m happy to try installing Node 20 or to set up an office hours call to troubleshoot.

Hi @tech-binder, can you try updating line 177 to the following instead app.use(bodyParser.json({ type: 'application/scim+json' })); and see if the error goes away?

@sigama thanks your response. After I reinstalled the dependencies as suggested by @alisaduncan it works with both either of the code samples

app.use(bodyParser.json({type: [‘application/json’, ‘application/scim+json’]}));


app.use(bodyParser.json({ type: 'application/scim+json' }));

@alisaduncan thanks a ton. Reinstalling the dependencies fixed it!

1 Like

Awesome! Glad to hear it! Let us know if you run into anything else. Happy coding!

@sigama just finished the workshop and it was fun putting SCIM to work. Amazed at how quickly the sync is happening between Okta Idp and the application. I plan on trying the last part of “Scaling SCIM server to support multitenancy” myself to understand how that can be handled. Thanks again for putting this together.

@tech-binder Awesome to know you were able to set up SCIM with Okta! Thanks for letting us know. Let us know if you have other questions. Happy to help!

@sigama in the Developer Okta Portal Application Configuration I noticed that for the SCIM 2.0 Test App under “Sign On” tab the Sign on method configured is SAML 2.0. I couldn’t understand how this is related to any of the workflows in the webinar. Could you explain?

@tech-binder good question. There are two ways to create a SCIM application: 1) via the App Integration Wizard (private SCIM app) which you can add SSO (SAML or SWA), and 2) the Template App (public SCIM app), which doesn’t support SSO.

What I have demonstrated in the workshop is the Template App option of integrating SCIM with Okta. Although it has the SSO settings as you pointed out, this Template App is primarily used for submitting a SCIM integration to our Okta Integration Network (OIN). You can read more about the difference here - Publish an OIN integration | Okta Developer.

If you want to submit an SSO-enabled app to our OIN you must submit it separately from your SCIM integration – per our instructions here https://oinmanager.okta.com/.

Are you looking to submit an OIDC or SAML app with your SCIM integration? I am happy to guide you.

My question is regarding the SCIM workflows and related concepts. Since this is purely syncing of entities (users) between two applications (Okta and the test application) I do not understand a need for SSO. In the workshop, there was no user login in step - isn’t it?

Hi @tech-binder great question! So this workshop was part of an Enterprise-Ready series. Besides adding SCIM as a feature in your Todo app, you can also add OpenID Connect (OIDC). Supporting both SCIM and OIDC in the Todo app allows you to provision users to your database and so when your users log in for the first time they will be able to SSO/login through an Identity Provider (IdP) such as Okta. OIDC will redirect to the IdP to take care of the login process for you :relieved:.

1 Like

Got it. Thanks for your patience!

BTW, at the moment I’m not planning any App for submitting to OIN. Appreciate your offer for assistance.