TestO.40323 (Customer) asked a question.
How To Identify If A Org Has Enabled SCIM integration Or Not
Suppose we have a SCIM enabled app. So we are acting as SCIM enabled SP. Now one organization activates SCIM provisioning for our app in Okta. How do we identify it or get notified about it? What I saw is that one GET api call happens when SCIM is integrated. But that same call can happen other times too.
And how do we identify that the organization has deactivated SCIM provisioning after some time?
Hi there,
When a provisioning option is enabled for an application, Okta will send two requests, one to /Users endpoint and one to /Groups endpoint (if enabled), as follows:
GET /path/to/scim/v2/Users HTTP/1.1
Accept: application/scim+json
Accept-Charset: utf-8
User-Agent: Okta SCIM Client 1.0.0
Authorization: Bearer <token>
The easiest way to narrow down this requests is by checking for the user agent "Okta SCIM Client 1.0.0" which is present every time.
The GET request will also occur during two other operations:
- during an import: in order to read the totalResults and calculate the total number of pages through which Okta will go in order to retrieve the resources
- during an assignment: in order to check if the resource already exists on the server
Regarding deactivating provisioning, we do not an option yet to notify the SP when this event occurs, however I'd like to encourage you to raise this as a feature enhancement over our Okta Community by going to Product >> Ideas. Features suggested in our community are reviewed and can be voted and commented on by other members of the community, therefore making it much easier for the engineering team to understand the priorities that you have for feature requests.
Dragos Gaftoneanu
Developer Support Engineer
Okta Global Customer Care