SCIM Provisioning Integration
Choose a SCIM provider recipe and validate AuthOS provisioning
This guide walks through the implemented SCIM provisioning paths. The examples are not evidence of certification or interoperability with every version of Okta, Microsoft Entra ID, or OneLogin. Test create, update, deprovision, pagination, filtering, group membership, and failure behavior for your client before deployment.
Choose your path
Read the shared concepts once, then choose the identity-provider recipe that matches the system you administer. Provider interfaces and behavior can change; treat each recipe as a starting point and complete the validation guide before production.
| Need | Guide |
|---|---|
| Understand lifecycle behavior, prerequisites, tokens, mapping, and security | Concepts and shared setup |
| Configure Okta | Okta recipe |
| Configure Microsoft Entra ID (formerly Azure AD) | Microsoft Entra ID recipe |
| Configure OneLogin | OneLogin recipe |
| Test lifecycle and endpoint behavior | Validation |
| Diagnose connection, provisioning, or synchronization failures | Troubleshooting |
Published-anchor compatibility
The original overview remains the stable entry point. The headings below retain its published fragment identifiers and point to the focused replacement pages.
What is SCIM?
Continue in the focused guide.
Prerequisites
Continue in the focused guide.
Step 1: Generate a SCIM Token
Continue in the focused guide.
Using the SDK
Continue in the focused guide.
Using the API Directly
Continue in the focused guide.
Step 2: Configure Your Identity Provider
Choose a provider recipe above.
Option A: Okta Integration
Continue in the focused guide.
1. Create SCIM Token
Continue in the focused guide.
2. Configure Okta Application
Continue in the focused guide.
3. SCIM Connection Settings
Continue in the focused guide.
4. Test Connection
Continue in the focused guide.
5. Enable Provisioning Features
Continue in the focused guide.
6. Configure Attribute Mappings
Continue in the focused guide.
7. Assign Users and Groups
Continue in the focused guide.
8. Verify Provisioning
Continue in the focused guide.
Option B: Azure AD Integration
Continue in the focused guide.
1. Create SCIM Token
Continue in the focused guide.
2. Configure Azure AD Provisioning
Continue in the focused guide.
3. Provisioning Configuration
Continue in the focused guide.
4. Test Connection
Continue in the focused guide.
5. Configure Mappings
Continue in the focused guide.
6. Configure Scoping
Continue in the focused guide.
7. Save and Start Provisioning
Continue in the focused guide.
8. Monitor Provisioning
Continue in the focused guide.
Option C: OneLogin Integration
Continue in the focused guide.
1. Create SCIM Token
Continue in the focused guide.
2. Configure OneLogin Application
Continue in the focused guide.
3. SCIM Configuration
Continue in the focused guide.
4. Enable Operations
Continue in the focused guide.
5. Configure Entitlements
Continue in the focused guide.
6. Apply Provisioning Rules
Continue in the focused guide.
7. Test and Enable
Continue in the focused guide.
Step 3: Verify Provisioning
Continue in the focused guide.
Manual Verification
Continue in the focused guide.
Check User Creation
Continue in the focused guide.
Monitor SCIM Token Usage
Continue in the focused guide.
Testing Scenarios
Continue in the focused guide.
Test 1: User Creation
Continue in the focused guide.
Test 2: User Update
Continue in the focused guide.
Test 3: User Deactivation
Continue in the focused guide.
Test 4: Group Membership
Continue in the focused guide.
Advanced Configuration
Continue in the focused guide.
Automatic Token Rotation
Continue in the focused guide.
Custom Attribute Mapping
Continue in the focused guide.
Handling Provisioning Conflicts
Continue in the focused guide.
Filtering Users for Provisioning
Continue in the focused guide.
Monitoring and Troubleshooting
Continue in the focused guide.
Common Issues
Continue in the focused guide.
Issue: “Invalid SCIM token” Error
Continue in the focused guide.
Issue: Users Not Provisioning
Continue in the focused guide.
Issue: “User already exists” (409 Conflict)
Continue in the focused guide.
Issue: Slow Synchronization
Continue in the focused guide.
Monitoring Best Practices
Continue in the focused guide.
Track Token Usage
Continue in the focused guide.
Monitor Provisioning Events
Continue in the focused guide.
Debugging Tips
Continue in the focused guide.
Enable Verbose Logging in IdP
Continue in the focused guide.
Test SCIM Endpoints Directly
Continue in the focused guide.
Validate the implemented SCIM behavior
Continue in the focused guide.
Security Best Practices
Continue in the focused guide.
Token Management
Continue in the focused guide.
Access Control
Continue in the focused guide.
Data Protection
Continue in the focused guide.
Related Documentation
- SCIM 2.0 API Reference - Implemented endpoint documentation and limitations
- Organizations SDK Reference - SCIM token management
- Authentication Flows Guide - Understanding user authentication
- Access Control Concepts - ReBAC permissions
Pages
SCIM Concepts and Shared Setup
Understand AuthOS SCIM lifecycle behavior, tokens, mappings, and security
Configure SCIM with Okta
Configure and verify AuthOS SCIM provisioning from Okta
Configure SCIM with Microsoft Entra ID
Configure and verify AuthOS SCIM provisioning from Microsoft Entra ID
Configure SCIM with OneLogin
Configure and verify AuthOS SCIM provisioning from OneLogin
Validate SCIM Provisioning
Test AuthOS SCIM lifecycle, token, schema, and endpoint behavior
Troubleshoot SCIM Provisioning
Diagnose AuthOS SCIM authentication, provisioning, conflict, and synchronization failures