When creating a SCIM app via the OAN/OIN, there are a few options
- OAuth 2.0 Authorization Code Grant Flow
- Basic Authentication
- Custom HTTP Header
My question relates to the recommended approach - Option 1.
In that scenario you create an app from the Admin dashboard:
- Select Applications > Applications > Add Application
- Search for SCIM 2.0 Test App (OAuth Bearer Token) App and click Add and complete the wizard with the defaults.
- From here, you proceed to the Provisioning tab, check Enable API Integration. At this point, you are required to enter a SCIM 2.0 Base URL (your publicly reachable SCIM connector/facade/gateway and an OAuth Bearer Token.
A couple of questions:
- What should the value of the OAuth Bearer Token be (ie from where is this issued)?
- Once the bearer token reaches the SCIM endpoint, what is the expect process to ensure trust is established between the SCIM endpoint and Okta?
- How does this differ from the Custom HTTP Header option where you provide an API Token, presumably a shared secret of sorts, issued by the SCIM server?