So I want to integrate SCIM in my application but can't seem to figure out how Okta knows which company I am talking about. I mean, I will ask for data of the user that has been assigned on my SCIM server by their respective organization, but I saw the API reference and it didn't have any company ID or name or any unique identification in the body by which Okta can identify what company I am talking about. So do I have to ask for individual user data, and it will list all the organizations they are associated with, to see if the requested data of an organization has to be served or not? Or am I getting it all wrong?
To verify I understand correctly: in the case where you have multiple Okta Orgs connecting to the same SCIM server instance, how could you differentiate between requests to know which Org the request is for?
If so, there is nothing in the request which would provide this information.
Typically you would have a few different options:
- When you set up the authentication method, whatever that may be (basic, header, OAuth, API token), have something in the authentication header which maps to a specific Org. So in basic auth the username could be the tenant, or you could have a map where the key is the API token so you know which Org the request is for.
- For each tenant you could have a unique resource base path they use on your SCIM server.
- For each tenant you could have them connect to their own subdomain on your SCIM server.
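
The three options from the answer above combined into one tenant resolver, as an added example that is not part of the original thread. The token values, tenant names, the `/tenants/<id>/scim/v2` path layout and the `scim.example.com` host are all assumptions made for illustration; the resolver only accepts a path or subdomain hint when it agrees with the tenant the bearer token belongs to.

```python
import hashlib
import hmac
import re

# Constructed sample data: SHA-256 of each org's SCIM bearer token -> tenant.
# Token values, tenant names and the example.com host are hypothetical.
TOKEN_HASHES = {
    hashlib.sha256(b"token-for-acme").hexdigest(): "acme",
    hashlib.sha256(b"token-for-globex").hexdigest(): "globex",
}
BASE_DOMAIN = "scim.example.com"
PATH_RE = re.compile(r"^/tenants/([a-z0-9-]+)/scim/v2(/.*)?$")


def tenant_from_token(headers):
    """Option 1: the credential itself identifies the org."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, tenant in TOKEN_HASHES.items():
        if hmac.compare_digest(known, digest):
            return tenant
    return None


def tenant_from_path(path):
    """Option 2: per-tenant base path, e.g. /tenants/acme/scim/v2/Users."""
    m = PATH_RE.match(path)
    return m.group(1) if m else None


def tenant_from_host(host):
    """Option 3: per-tenant subdomain, e.g. acme.scim.example.com."""
    label, _, rest = host.split(":")[0].lower().partition(".")
    ok = rest == BASE_DOMAIN and re.fullmatch(r"[a-z0-9-]+", label)
    return label if ok else None


def resolve_tenant(headers, host, path):
    """Return the tenant id, or None if the request must be rejected."""
    by_token = tenant_from_token(headers)
    if by_token is None:
        return None  # URL hints alone are never treated as authentication
    hints = {t for t in (tenant_from_path(path), tenant_from_host(host)) if t}
    # A valid token for one org must not work on another org's URL.
    return by_token if hints <= {by_token} else None
```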