How to use the SCIM 2.0 Test App (OAuth Bearer Token) App


When creating a SCIM app via the OAN/OIN, there are a few options

  1. OAuth 2.0 Authorization Code Grant Flow
  2. Basic Authentication
  3. Custom HTTP Header

My question relates to the recommended approach - Option 1.

In that scenario you create an app from the Admin dashboard:

  1. Select Applications > Applications > Add Application
  2. Search for SCIM 2.0 Test App (OAuth Bearer Token) App and click Add and complete the wizard with the defaults.
  3. From here, you proceed to the Provisioning tab, check Enable API Integration. At this point, you are required to enter a SCIM 2.0 Base URL (your publicly reachable SCIM connector/facade/gateway and an OAuth Bearer Token.

A couple of questions:

  1. What should the value of the OAuth Bearer Token be (ie from where is this issued)?
  2. Once the bearer token reaches the SCIM endpoint, what is the expect process to ensure trust is established between the SCIM endpoint and Okta?
  3. How does this differ from the Custom HTTP Header option where you provide an API Token, presumably a shared secret of sorts, issued by the SCIM server?