SCIM provisioning with OAuth 2.0 for multitenant

I created a new app integration for provisioning with SCIM. I used OAuth 2.0 as the authentication method and was able to successfully integrate.
But I’m not sure if the client-id and client-secret supplied is for each tenant or for the app once.

When I tried to look into the OIN form, I noticed there are two fields - Consumer Key and Consumer Secret. Are these same as Client-id and secret?
If yes, how to rotate if needed
If not, what are these. And is there a way to check what fields the user needs to enter when OIN app is published.


Yeah, if you’re using OAuth authorization, Consumer Key/Consumer Secret are the same as Client ID/Client Secret. The value entered there should be the one that can be used to get tokens that can be sent as auth to the SCIM server via Authorization Code flow.

You should see that you have an option for the auth for a SCIM OIN application: all instances of the OIN application use the same client credentials for provisioning OR each instance has their own set of consumer key/consumer secrets (in this case, the person configuring the integration in Okta will need to provide the credentials to get the provisioning connecting working). If you expect a need to rotate them, you probably want to choose the latter option so that each app instance has its own set of credentials that can be rotated.