Provisioning authentication within existing web application


We have created a SCIM 2.0 integration within our existing web application so that Okta can provision users one way, from Okta to our application. From within Okta we have created a Secure Web Authentication application that supports provisioning (we are ignoring SSO for the time being; we just want to provision the users). From within provisioning in the created Okta application there are three supported authentication modes: Basic Auth, Bearer Authentication, and OAuth 2.

What we are looking for is some guidance on how to have Okta authenticate on our SCIM endpoints. We have been unable to find any relevant documentation or code examples to follow for our scenario. The documentation we have found was confusing in that we couldn’t tell which direction it applied and whether it applied to just SCIM integration or not.

On our side, do we have to set up our own OpenID Connect server or something similar? We would like to avoid that if possible.

Thanks in advance!

Do your SCIM endpoints require authentication of any sort? The application in Okta needs to know what type of authentication is protecting your SCIM endpoints so that we can make the necessary requests. You do not need to use OAuth (which would require an authorization server in order to get tokens), but the choice of client auth is up to you and how you want to secure your SCIM endpoints.
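
An added example, not part of the original thread and not Okta's code: one way the application's SCIM endpoints could validate a static Bearer token or Basic Auth credential without running an authorization server. It assumes the provisioning client sends the standard `Authorization` header (RFC 6750 / RFC 7617); the function names, the `scim-client` username and the secrets are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample secrets (assumption). Only the digests need to be stored
# server-side; the plaintext values are entered in the provisioning settings.
BEARER_TOKEN_SHA256 = hashlib.sha256(b"constructed-sample-token").digest()
BASIC_USER = "scim-client"
BASIC_PASS_SHA256 = hashlib.sha256(b"constructed-sample-password").digest()


def _digest_matches(candidate: bytes, expected_digest: bytes) -> bool:
    # Hash first so both inputs have equal length, then compare in constant time.
    return hmac.compare_digest(hashlib.sha256(candidate).digest(), expected_digest)


def authenticate_scim_request(authorization_header):
    """Return True only if the Authorization header carries a valid credential."""
    if not authorization_header:
        return False
    scheme, _, value = authorization_header.partition(" ")
    value = value.strip()
    if not value:
        return False
    scheme = scheme.lower()  # auth scheme names are case-insensitive
    if scheme == "bearer":
        return _digest_matches(value.encode("utf-8"), BEARER_TOKEN_SHA256)
    if scheme == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return False  # malformed base64 is rejected, never treated as empty
        user, sep, password = decoded.partition(":")
        if not sep:
            return False
        user_ok = hmac.compare_digest(user.encode("utf-8"), BASIC_USER.encode("utf-8"))
        pass_ok = _digest_matches(password.encode("utf-8"), BASIC_PASS_SHA256)
        return user_ok and pass_ok
    return False  # unknown scheme or missing credential


def scim_status_for(authorization_header):
    # 401 tells the provisioning client its credential was rejected.
    return 200 if authenticate_scim_request(authorization_header) else 401
```

Call `authenticate_scim_request` from whatever middleware or filter fronts the SCIM routes, and serve those routes over TLS only, since both credential types are replayable if intercepted.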