Provisioning authentication within existing web application

aquinn · January 27, 2022, 5:43pm

Hello,

We have created a SCIM 2.0 integration within our existing web application so that OKTA can provision users one way from OKTA to our application. From within OKTA we have created a Secure Web Authentication application that supports provisioning (we are ignoring SSO for the time being we just want to provision the users). From within provisioning in the created OKTA application there are three supported authentication modes: Basic Auth, Bearer Authentication, and OAuth 2.

What we are looking for is some guidance on how to have OKTA authenticate on our SCIM endpoints. We have been unable to find any relevant documentation or code examples to follow for our scenario. The documentation we have found was confusing in that we couldn’t tell which direction it applied and whether it applied to just SCIM integration or not.

On our side, do we have to setup our own OpenID Connect server or something similar? We would like to avoid that if possible.

Thanks in advance!

andrea · February 4, 2022, 4:35pm

Do your SCIM endpoints require authentication of any sort? The application in Okta needs to know what type of authentication is protecting your SCIM endpoints so that we can make the necessary requests. You do not need to use OAuth (which would require an authorization server in order to get tokens), but the choice of client auth is up to you and how you want to secure your SCIM endpoints.

Post		Replies	Views
Authorization of an SCIM client Questions	4	2099	March 5, 2023
SCIM authenticate requests using OKTA itself SCIM	2	1975	March 10, 2023
OAuth Authentication for SCIM Provisioning SCIM	6	8378	February 26, 2020
Connect to OKTA via API API	4	2050	February 13, 2024
SCIM On-Prem Provisioning SCIM	3	4096	January 29, 2020

Provisioning authentication within existing web application

Related topics