SCIM On-Prem Provisioning

Are there any updated materials for developing an on-prem SCIM solution with Okta (with Okta acting as the master directory)? The white paper I found on the matter is from 2014 and suggests we use Okta’s On-Prem Provisioning Agent, which only supports SCIM v1.1 (we want to build with SCIM v2.0).

Currently, our on-prem app can integrate with Okta SSO by creating a custom app. However, it appears that custom apps cannot provision users. Here is a note found in our custom app:

Need provisioning for this app?
Okta doesn’t provide user provisioning for this app yet, but it can be added with on-premises provisioning.
Contact your Okta sales representative to enable support. Learn more

Notice that the link leads to a blank page.
Basically, I want to know if it’s possible for Okta to provision users to an on-prem app without needing the Okta On-Prem Provisioning agent.

1 Like

Hi @daniel.solis

The Okta Provisioning Agent creates a tunnel between Okta and your local network in order for Okta to successfully communicate with your on-premises SCIM server.

If you would like to use SCIM 2.0, then you would need to expose the /Users and /Groups endpoint to be accessible via the Internet, as Okta is sending the provisioning requests through a back-end channel.

1 Like

Currently the on-premises provisioning agent only supports SCIM 1.1. All you can do for now is use SCIM 1.1 and upvote this feature request
https://ideas.okta.com/app/#/case/116709?section=requests

1 Like