SCIM uses so called “Authorization Code Grant Flow” which calls SCIM client to update the configuration of the users. Usually the client also implements Oauth 2.0 authentication to produce the tokens. I wonder whether it is “normal” to produce authorization token by OKTA itself and the client only validates it?
Hello,
It is possible to have your SCIM integration point to your own OAuth2 application in the same Org. This accomplishes your Org minting the access tokens used by the Okta SCIM client which your SCIM server would then validate. So there wouldn’t be a need to have an external OAuth provider.
Thank You,
1 Like
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.