Partial SCIM integration for deactivating

tbako · June 25, 2025, 12:11pm

Hi Everyone,

is there a way to partially implement SCIM so it is only used for offboarding? I am looking at this resource, which states that there is a GET request before each PATCH request, which is called to make sure the user exists. Is there a way to configure that GET request in Okta to contain the email address instead of the user id. Like it is used in the Determine if user exists step?

We don’t want to store the users in all of our different environments, because this would be only used internally within our company.

If it is unavoidable what is your recommendation to use Okta as an offboarding tool without implementing fully implementing SCIM/storing users?

Thank your for your time,
Tamas

andrea · June 25, 2025, 10:47pm

This is not possible. In order for Okta to deprovision a user via SCIM, the user first needs to be provisioned via SCIM. Like you saw, we send update requests using the ID for the user on the SCIM side.

What is your exact use case, and is it something that can be handled using Event Hooks (either handled by Workflows or received by your own server) when a user’s status changes (such as for eventType eq “user.lifecycle.deactivate”)

system · July 25, 2025, 10:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Post		Replies	Views
SCIM User Deprovisioning SCIM	7	4258	October 29, 2019
SCIM deprovisioning not sent to integration SCIM	9	3517	December 6, 2022
SCIM Provisioning Removal SCIM	8	5086	November 14, 2019
Deprovisioning-only use of SCIM SCIM	2	4046	December 9, 2019
Challenges with SCIM delete implementation with Just in Time SCIM	4	39	July 28, 2025

Partial SCIM integration for deactivating

Related topics