Okta User API - Merging data from two endpoints

Team - I am trying to query Okta user API for users. I found that some of the extended properties that are in AD are within the app endpoint, for example: {{url}}/api/v1/apps/0oa23ai0JW6/users while the other properties are within the normal SCIM api, for example: {{url}}/api/v1/users

My question:

  • Can I make one call to the user API and be able to get both ActiveDirectory and normal SCIM results?
  • Does Okta have a GraphQL user API available?
  • Is there any other solution that you guys can recommend?


  1. To retrieve a SCIM user, you need to follow this API. It is based on your SCIM server.

     GET /scim/v2/Users?startIndex=1&count=100 HTTP/1.1
     User-Agent: Okta SCIM Client 1.0.0
     Authorization: <Authorization credentials>

  2. We do not have one, but you can create GraphQL for your app. You can refer to the article below.
     Build a CRUD App with Node.js and GraphQL | Okta Developer

  3. You may check if importing users can help.

User import operations are initiated by Okta, either manually or on a schedule. To run an import for your SCIM users, go into the Okta Admin Console:

  1. Select your SCIM integration from the list of integrations in your Okta org.
  2. Under the Import tab, click To Okta and Import Now to do a one-time import.
  3. Okta prompts you to review and confirm assignments for any users that aren’t automatically matched to existing Okta users.

For more info, please check this article.

Thanks for the response, but I am not trying to build my own SCIM, rather I want to connect to Okta’s SCIM connector. Does Okta expose SCIM? Secondly, the challenge I have is that some of the data I am looking for is in {{url}}/api/v1/apps/0oa23ai0JW6/users and the other data is in {{url}}/api/v1/users - I was hoping a GraphQL type of endpoint (exposed by Okta) would allow me to query one time and get all the data that I need within one call.

API {{url}}/api/v1/users helps list all users.

API {{url}}/api/v1/apps/0oa23ai0JW6/users is requesting users assigned to a specific application.

Did you try to verify these two endpoints in Postman? You will see how it works in Postman. All users should include the users assigned to the app.

Yes, I can use Postman and see the response with the user’s profile properties.

My challenge is that the app-specific API {{url}}/api/v1/apps/0oa23ai0JW6/users (which is my ActiveDirectory app) does not have the managerUPN property populated, so I have to get the manager from the API to populate data. However, the manager is populated in my normal /user API. Hence I started to look into GraphQL etc. If I can somehow populate the managerUPN in my ActiveDirectory API, this issue could be resolved. Note that I can get Manager DN, but not Manager UPN.

@Ansari So the issue comes to how to populate the property managerUPN in your ActiveDirectory app.
I am not sure if your configuration was set up well, but you can open a support ticket through an email to support@okta.com. One of our TSEs will help you review your configuration and the API issue.

We have had a ticket opened, but all it did was create a property in the /user profile, not in the AD profile. Looking for a proper fix.

@Ansari Good to know you had a case open already. Then you can ask our TSEs to help you with a possible fix/workaround.
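
Added example, not part of the thread and not Okta's code: since no single call returns both views, the two listings discussed above can be joined client-side, because each app user object carries the same `id` as the matching /api/v1/users object. It runs on constructed records rather than live API calls, and it assumes the profile attribute names `manager`, `dn` and `managerDn` and that the Okta `login` is the UPN.

```python
# Added example: join Okta's two user listings client-side, keyed on user id.
# All records are constructed; "manager", "dn" and "managerDn" are assumed
# profile attribute names, so substitute the ones your org actually returns.

OKTA_USERS = [  # shape of GET /api/v1/users
    {"id": "00u1", "profile": {"login": "alice@example.com",
                               "manager": "bob@example.com"}},
    {"id": "00u2", "profile": {"login": "bob@example.com"}},
    {"id": "00u3", "profile": {"login": "carol@example.com"}},
]
APP_USERS = [  # shape of GET /api/v1/apps/{appId}/users
    {"id": "00u1", "profile": {"dn": "CN=Alice,DC=example,DC=com",
                               "managerDn": "CN=Bob,DC=example,DC=com"}},
    {"id": "00u2", "profile": {"dn": "CN=Bob,DC=example,DC=com"}},
    {"id": "00u3", "profile": {"dn": "CN=Carol,DC=example,DC=com",
                               "managerDn": "cn=bob,dc=example,dc=com"}},
    {"id": "00u9", "profile": {"dn": "CN=Dave,DC=example,DC=com",
                               "managerDn": "CN=Gone,DC=example,DC=com"}},
]


def merge_users(okta_users, app_users):
    """Return one record per app user with both profiles and a manager UPN."""
    okta_by_id = {u["id"]: u.get("profile", {}) for u in okta_users}
    # DN -> Okta login (assumed to be the UPN), so a manager DN can be
    # translated when the /users profile has no manager value.
    # DNs are compared case-insensitively.
    login_by_dn = {}
    for a in app_users:
        dn = a.get("profile", {}).get("dn")
        login = okta_by_id.get(a["id"], {}).get("login")
        if dn and login:
            login_by_dn[dn.lower()] = login

    merged = []
    for a in app_users:
        app_profile = a.get("profile", {})
        okta_profile = okta_by_id.get(a["id"])
        manager = (okta_profile or {}).get("manager")
        if not manager and app_profile.get("managerDn"):
            manager = login_by_dn.get(app_profile["managerDn"].lower())
        merged.append({
            "id": a["id"],
            "matched": okta_profile is not None,  # False: not in /users listing
            "okta": okta_profile or {},           # kept apart to avoid key clashes
            "app": app_profile,
            "managerUPN": manager,                # None when it cannot be resolved
        })
    return merged
```

Against a real org, both listings are paginated, so collect every page of each before joining.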