I am attempting to set up a test app on our test org, using our new SCIM app. On the first page of the Provisioning tab, I’m asked to enter a SCIM 2.0 Base Url and an OAuth Bearer Token. I have entered the URL and a bearer token that together are valid locally; however, when I attempt to test the credentials, I receive “Please review the form to correct the following error(s): Error authenticating: null”.
I can see in the system logs that it successfully logs an “[application.integration.authentication_failure]” event, but I cannot see any more useful detail in that log, and nothing is making it through to our application.
If I try a different URL, I get the same error, including for URLs that I know are not valid (as long as I still have the right pattern, i.e. without triggering “SCIM 2.0 Base Url: Does not match required pattern”).
Are there any more logs or information that I can get to find out what is going wrong here?
I was trying with an absolute local environment URL, similar to what we’ve done previously when setting up test apps for SAML. We’re currently at an early testing stage, and were hoping to avoid needing to make anything publicly accessible just yet.
Okta does the requests to the SCIM server through the back-end channel and, as such, the URL that you add in the SCIM template must be publicly resolvable in order for Okta to reach out to the SCIM server’s /Users and, if configured, /Groups endpoints.
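The reachability requirement in the reply above can be checked before the base URL is pasted into the provisioning form. This is an added example, not part of the original thread and not Okta tooling; the function names and the sample hostnames and addresses are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def classify_address(addr: str) -> str:
    """Label one IP address by who can route to it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "reserved"


def system_resolver(host: str) -> list[str]:
    """Resolve with the local resolver; an empty list means no answer."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})


def check_scim_base_url(url: str, resolver=system_resolver) -> dict:
    """Report whether a back-end caller outside the network could reach the URL."""
    host = urlsplit(url).hostname
    if not host:
        return {"host": None, "addresses": {}, "reachable_from_outside": False}
    try:
        # A literal IP in the URL needs no DNS lookup.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolver(host)
    labelled = {a: classify_address(a) for a in addrs}
    # Unresolvable, or any non-public address, means a server-side request fails.
    ok = bool(labelled) and all(v == "public" for v in labelled.values())
    return {"host": host, "addresses": labelled, "reachable_from_outside": ok}


if __name__ == "__main__":
    # Constructed resolver standing in for DNS, so the demo runs offline.
    fake = {"scim.dev.internal.example": ["10.0.0.5"]}
    print(check_scim_base_url("https://scim.dev.internal.example/scim/v2",
                              lambda h: fake.get(h, [])))
```

A hosts-file entry or split-horizon DNS can make the local resolver disagree with public DNS, so run the check from a machine outside the network before trusting a "public" result.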
@dragos are there limitations on subdomains or specific TLDs? Our staging URL uses the .fun TLD, and we use subdomains to separate environments, so the base URL could look like this: https://tenant.env.our_app.fun/scim/v2