<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
The SCIM Protocol Does Not Support MFA
Nov 6, 2025
Okta Integration Network
Overview

Provisioning uses the System for Cross-domain Identity Management (SCIM) protocol to synchronize user account information between the user store and the external applications. The SCIM connector uses basic authentication to authorize the connection between the external application and Okta and will inherit the permissions of that account. 

If, on the application side, the administrator account is required to use Multi-Factor Authentication (MFA) in order to access the application, the API authentication will fail with the following error:

 

Could not verify the administrator credentials; please confirm that these are set correctly

 

Applies To
  • Okta Integration Network (OIN)
  • Provisioning
  • API Authentication
  • Multi-Factor Authentication (MFA)
  • System for Cross-domain Identity Management (SCIM)
Solution

The Administrator Account used to set up the provisioning flow in Okta must be excluded from the MFA policy on the application side. The SCIM connector cannot use MFA, only basic authentication.

Recommended content

Still looking for help?
Loading
The SCIM Protocol Does Not Support MFA