SCIM provisioning - user access roles


I have a SCIM 2.0 provisioning app that is all the way working. But the way I implemented roles/permissions is not ideal. I used an attribute in okta to push down when a user is provisioned that identifies their permissions.

I read somewhere about using (push)groups instead, but the docs had the beta tag on most of the end points.

I also found this page about roles…

What is the best way to implement permissions and roles for users in SCIM?


I think I have it working really well with push groups… IM SCARED of the beta tag in the docs. Anybody know if push groups can be used by actual customers?

Hi Dave,
Group Push functionality has to be exposed through Okta support and we will soon use it in our production environment.
Which API call are you using to trigger the group push? Couldn’t find anything in the API reference.