Connection Methods to Integrate a Test Okta SCIM Application with the SCIM Playground
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview

This article discusses the different connection methods supported when building a System for Cross-domain Identity Management (SCIM) server to set up a test environment to interact with Okta using this protocol.

NOTE: Okta does not maintain or support the SCIM playground. Only use test data with the SCIM playground. Do not export any sensitive information.

Applies To
  • API Access Management
  • SCIM Integration
Cause

The SCIM playground provides several ways to connect with Okta. Each connection method has a unique setup.

Solution

Using API Key

  1. On the SCIM playground, go to get an API key.
    1. Accept the terms and conditions, then click on Access My Playground. The API key is valid for 24 hours by default, but a longer or shorter value can be selected before generating it. 
    2. Save the key generated in the Use Existing Key section in Notepad or an external location.

API Key

  2. Click on the SCIM Playground icon in the top left corner, then the Playground button > Data Generator, and generate mock data for the test SCIM server:
    1. Click on Generate Users > Create activated users.
    2. Click on the Generate user button.
    3. Click on the Generate groups button.
    4. Click on the Assign users to groups button.
  3. On the Okta Admin Dashboard, create a SCIM application:
    1. Go to Applications > Applications, then click on Create App Integration.
    2. Choose SAML 2.0, then press Next.
    3. Enter the App Name, then press Next.
    4. In SAML Settings, use https://scim.dev/ as Single sign-on URL and Audience URI, then press Next.

SAML Settings

    5. Check App type > This is an internal app that we have created.

"This is an internal app that we have created" checkbox

    6. Press Finish to complete application creation. Now, the application is created.
  4. Go to the General tab > Edit button on App Settings > Provisioning > check SCIM and Save.

App Settings

  5. A Provisioning tab will appear. Go to this tab, press Edit, and configure the integration with the following details:
    1. SCIM connector base URL: https://api.scim.dev/scim/v2
    2. Unique identifier field for users: userName
    3. Supported provisioning actions: Check all the boxes.
    4. Authentication Mode: HTTP Header.
    5. HTTP Header > Authorization: Paste the API Key obtained from the SCIM playground.
    6. Press Save.

 

 

Using OAuth2

  1. On the SCIM playground, go to get an API key https://scim.dev/apikey/
    1. Accept the terms and conditions, then click on Access My Playground.
    2. Scroll down to the Authorization Code Grant section to see the generated client ID and secret.

client ID and secret 

  2. Click on the SCIM Playground icon in the top left corner, then the Playground button > Data Generator, and generate mock data for the test SCIM server:
    1. Click on Generate Users > Create activated users.
    2. Click on the Generate user button.
    3. Click on the Generate groups button.
    4. Click on the Assign users to groups button.
  3. On the Okta Admin Dashboard, create a SCIM application:
    1. Go to Applications > Applications, then click on Create App Integration.
    2. Choose SAML 2.0, then press Next.
    3. Enter the App Name, then press Next.
    4. In SAML Settings, use https://scim.dev/ as Single sign-on URL and Audience URI, then press Next.

SAML Settings

    5. Check App type > This is an internal app that we have created.

"This is an internal app that we have created" checkbox

    6. Press Finish to complete application creation. Now, the application is created.
  4. Go to the General tab > Edit button on App Settings > Provisioning > check SCIM and Save.

App Settings

  5. A Provisioning tab will appear. Go to this tab, press Edit, and configure the integration with the following details:
    1. SCIM connector base URL: https://api.scim.dev/scim/v2
    2. Unique identifier field for users: userName
    3. Supported provisioning actions: Check all the boxes.
    4. Authentication Mode: OAuth2
    5. Access token endpoint URI: https://idp.scim.dev/oauth/token
    6. Authorization endpoint URI: https://idp.scim.dev/oauth/authorize
    7. Client ID: The client ID that was generated on the SCIM playground.
    8. Client Secret: The client secret that was generated on the SCIM playground.
    9. Press Save.
  6. On the SCIM playground, press Send to create an administrator of the SCIM server.

create an administrator of the SCIM server

  7. Scroll back up to Authorization Code Grant and add the callback URL to Okta as described in Authentication:

Authorization Code Grant

    • The redirect URL will look like:
      https://system-admin.{oktaDomain}.com/admin/app/cpc/{appName}/oauth/callback
      • Where the Okta domain could be okta, okta-emea, or oktapreview, according to the tenant.
      • Get the appName directly from the address bar of the Okta Dashboard when navigating to the application's settings. For example:

Get the appName directly from the address bar 

      • Here, the redirect URL to add to the SCIM Playground would be:

https://system-admin.oktapreview.com/admin/app/cpc/oie_scimdemo_10/oauth/callback

redirect URL example

      • Do not forget to click Add URL to save the redirect URL.

"Add URL" button 

  8. In Okta, go to Provisioning > Integration, scroll down, and press Authenticate with *.

Provisioning tab 

"Authenticate with scim demo" button

  9. A login page will appear. Enter the SCIM playground-generated admin username and password (refer to section 6).

Login page 

This will redirect to Okta, where the SCIM application is now connected to the SCIM playground.
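
The redirect URL step above can be scripted so that the callback registered in the SCIM playground matches the article's pattern exactly. The following is an added example, not part of the original article or of Okta's tooling: the function name is hypothetical, the sample URL is constructed, and it assumes the application settings page in the address bar has the path `/admin/app/{appName}/instance/{id}`.

```python
import re
from urllib.parse import urlsplit

# Okta domains the article lists for the redirect URL.
OKTA_DOMAINS = {"okta", "okta-emea", "oktapreview"}

# Assumed shape of the admin console path: /admin/app/{appName}/instance/{id}
_APP_PATH = re.compile(r"^/admin/app/([A-Za-z0-9_-]+)/instance/[^/]+/?$")


def scim_oauth_callback(admin_url: str) -> str:
    """Derive the OAuth2 callback URL to register in the SCIM playground.

    admin_url is the address-bar URL of the application's settings page.
    """
    parts = urlsplit(admin_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// Okta admin console URL")

    labels = parts.hostname.lower().split(".")
    # The host must be exactly {tenant}.{oktaDomain}.com, nothing longer.
    if len(labels) != 3 or labels[2] != "com" or labels[1] not in OKTA_DOMAINS:
        raise ValueError(f"unrecognised Okta domain in host {parts.hostname!r}")

    match = _APP_PATH.match(parts.path)
    if not match:
        raise ValueError("URL is not an application settings page")

    okta_domain, app_name = labels[1], match.group(1)
    return (f"https://system-admin.{okta_domain}.com"
            f"/admin/app/cpc/{app_name}/oauth/callback")


if __name__ == "__main__":
    # Constructed sample: tenant name and instance id are placeholders.
    sample = ("https://dev-000000-admin.oktapreview.com"
              "/admin/app/oie_scimdemo_10/instance/0oaEXAMPLE/#tab-general")
    print(scim_oauth_callback(sample))
```

The redirect URL is compared as a whole string during the authorization code flow, so paste the derived value into the playground unchanged before pressing Add URL.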

 

 

Using a SCIM template

  1. On the SCIM playground, go to get an API key https://scim.dev/apikey/.
    1. Accept the terms and conditions, then click on Access My Playground.
    2. This will display an auto-generated API Key and the SCIM base URL.

Get Access

 

  2. Click on the SCIM Playground icon on the top left corner, then the Playground button > Data Generator, and generate mock data for the test SCIM server:
    1. Click on Generate Users > Create activated users.
    2. Click on the Generate user button.
    3. Click on the Generate groups button.
    4. Click on the Assign users to groups button.
  3. On the Okta Admin Dashboard, create a SCIM application:
    1. Go to Applications, then click on Browse App Catalog.
    2. Search for the SCIM 2.0 Test App (OAuth Bearer Token) template.
    3. Click to open the template.

Browse App Catalog  

  4. Set up the integration:
    1. Click on Add Integration in the top right corner.
    2. Add a title (or keep the default one) to the SCIM integration.
    3. Press Next.
    4. Scroll down and press Done.
    5. Click on the Provisioning tab > Configure API Integration.

Provisioning tab 

  5. Enter the base URL and API Key generated on the SCIM Playground, then press Save:

    base URL

    Now, it is all set to test the SCIM implementation.

     
