Okta SCIM Provisioning

Status: Scaffold — content in progress

SCIM (System for Cross-domain Identity Management) 2.0 is the protocol Okta uses to provision/deprovision users in downstream SaaS applications automatically.

How It Works

Admin configures SCIM integration in Okta (app → Provisioning tab)
Okta sends HTTP requests to the app's SCIM endpoint on user create/update/deactivate
App creates/updates/deactivates corresponding user

Security Considerations

SCIM bearer tokens should be rotated; often set-and-forgotten
Overly broad provisioning scope can create accounts in downstream apps unintentionally
Deprovisioning failures leave orphaned accounts in downstream systems

Cross-Links

Topic	Link
Okta Overview	okta-overview

How It Works​

Security Considerations​

Cross-Links​

How It Works

Security Considerations

Cross-Links