<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta SCIM Connector Error: "No results for users returned" When Testing Connection
Apr 27, 2026
Okta Classic Engine
Okta Identity Engine
API Access Management
Overview

When attempting to test the connection for a System for Cross-domain Identity Management (SCIM)-enabled application or a custom SCIM connector in the Okta Admin Dashboard, the connection test fails. The following error message is displayed:

 

No results for users returned

 

This prevents the administrator from successfully enabling provisioning or saving the connector configuration, even if the API endpoint and authorization headers appear correct.

Applies To
  • System for Cross-domain Identity Management (SCIM)
  • Application Provisioning
  • Custom SCIM Integrations
  • Okta Classic Engine
  • Okta Identity Engine (OIE)
Cause

While the downstream user store does not need to contain users to be "connected," this error indicates that Okta's validation probe did not receive a valid SCIM-compliant response. This is typically caused by:

  • Non-Compliant Empty Response: When the downstream store is empty, the server may be returning a 200 OK with an empty body, a null value, or a simple JSON array []. Okta expects a full SCIM ListResponse object even when zero results are returned.
  • Incorrect Base URL Pathing: If the Base URL is configured incorrectly (for example, pointing to the root domain instead of the SCIM endpoint), the server might return a generic success page (HTML) or a different API response that contains no user objects.
  • Network Interception: A firewall, proxy, or Load Balancer is successfully receiving Okta's request and returning a 200 OK, but it is not passing the request to the actual SCIM server, or it is stripping the response payload.
Solution

Follow the steps mentioned below to resolve the issue:

  1. Validate the SCIM Response Format: Confirm that the downstream server returns a properly formatted SCIM ListResponse when no users are present. Use a tool like Postman to check the raw response. It must look like this:  
    {
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 0,
  "startIndex": 1,
  "itemsPerPage": 0,
  "Resources": []
}

    NOTE: If the Resources field is missing or the schemas array is incorrect, Okta will throw the error.

  2. Verify the Base URL: Ensure the Base URL in the Provisioning tab does not include /Users. Okta automatically appends /Users to the Base URL during the connection test.

  1. Check Content-Type Headers: The SCIM server must return a header of Content-Type: application/scim+json or application/json. If the server returns text/html (common with proxy intercepts), the connection test will fail.
  2. Isolate Network Intermediaries: Check Load Balancer or WAF logs to see if the request from Okta is being terminated early. Ensure that the GET request with query parameters (filters) is being allowed through to the application.

Related References

Recommended content

Still looking for help?
Loading
Okta SCIM Connector Error: "No results for users returned" When Testing Connection