AWS IAM Identity Center Access Token Renewal
Okta Integration Network
Okta Classic Engine
Okta Identity Engine
Overview

The API Tokens used for provisioning with most integrations have an expiry date and need to be replaced. 
 

Applies To
  • AWS IAM Identity Center
  • Okta Integration Network (OIN)
  • Provisioning
Solution

To enable automatic provisioning in the IAM Identity Center

  1. After completing the prerequisites, open the IAM Identity Center console.
  2. Choose Settings in the left navigation pane.
  3. On the Settings page, locate the Automatic provisioning information box, and then choose Enable. This immediately enables automatic provisioning in the IAM Identity Center and displays the necessary SCIM endpoint and access token information.
  4. In the Inbound automatic provisioning dialog box, copy each value for the following options. You will paste these in later, when provisioning is configured in the IdP.
    • SCIM endpoint
    • Access token
  5. Choose Close.

After the SCIM Endpoint and Access Token are generated in AWS, log in to the Okta admin portal in a separate browser window and navigate to the IAM Identity Center app.

  1. On the IAM Identity Center app page, choose the Provisioning tab and then choose Integration.
  2. Choose Configure API Integration, then select the check box next to Enable API integration to enable provisioning.
  3. If provisioning is already set up, navigate to the Provisioning tab, choose Integration, and click Edit.
  4. Paste the SCIM endpoint value that was copied from the IAM Identity Center in the previous procedure into the Base URL field in Okta. Make sure to remove the trailing forward slash at the end of the URL. Then paste the Access token value that was copied from the IAM Identity Center into the API Token field in Okta.
  5. Choose Test API Credentials to verify the credentials entered are valid.
  6. Choose Save.
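
An added example (not Okta or AWS code) of a pre-flight check for the two values used in the steps above: it strips the trailing slash from the SCIM endpoint and builds a read-only SCIM request to confirm the token is still accepted. The `/Users` probe path, the status-to-action mapping and all sample values are assumptions made for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def normalize_base_url(scim_endpoint: str) -> str:
    """Return the SCIM endpoint in the form the Okta Base URL field expects."""
    url = scim_endpoint.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM endpoint must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("SCIM endpoint must not carry a query string or fragment")
    return url.rstrip("/")  # the article's step: remove the trailing forward slash


def build_probe(base_url: str, access_token: str) -> urllib.request.Request:
    """Build a read-only SCIM request (assumed path: /Users) using the token."""
    token = access_token.strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError("access token is empty or contains whitespace (bad paste?)")
    req = urllib.request.Request(f"{base_url}/Users", method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/scim+json")
    return req


def classify(status: int) -> str:
    """Map the probe's HTTP status to an admin action (assumed mapping)."""
    if status == 200:
        return "ok"
    if status in (401, 403):
        return "token rejected: generate a new access token and update Okta"
    if status == 404:
        return "endpoint not found: re-check the Base URL"
    return f"unexpected status {status}"


def probe(scim_endpoint: str, access_token: str, timeout: float = 10.0) -> str:
    """Send the probe. Needs network access; never log the token itself."""
    req = build_probe(normalize_base_url(scim_endpoint), access_token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:
        return classify(err.code)
```

Read the token from a secret store or an interactive prompt rather than passing it on the command line, where it would land in shell history.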