This article will explain how Group Linking works for System for Cross-domain Identity Management (SCIM) integrations able to import to and/or push groups from the Service Provider (SP).

• SCIM 1.1 and 2.0

There are two different ways that Okta supports Group Linking for SCIM integrations, which involves associating a Group within Okta with a Group on the Service Provider's side.

• Groups are linked based on their name. If the Group within Okta has the exact same name as the Group at the SCIM server, the groups will be automatically linked during Group Push. Okta will check if the group already exists on the Service Provider side by making a request to the SCIM server that will look like the following:
  • GET https://{scimUrl}?filter=displayName eq "{groupName}"
• If the SCIM integration supports and is configured in Okta with the option to Import Groups, the Refresh App Groups button on the Push Groups tab will allow Okta to make a request to the SCIM server's /Groups endpoint to retrieve the existing Groups on the Service Provider's side. Once these groups have been retrieved, there will be an option to link a Push group with one of these existing groups:

Related References

• SCIM Protocol
• Group Push