Setting up SCIM with Okta
SCIM requests are sent from a workforce IdP to Stytch, so the first step is to create a test instance with a popular workforce IdP like Okta.
1. Enable SCIM provisioning for app
If you already have an existing SAML application in Okta, you can enable SCIM provisioning for this application by navigating to the General tab of the application and checking “Enable SCIM Provisioning” under the app settings.
Save this change.
2. Create SCIM Connection in Stytch
Create a SCIM Connection in Stytch (using the dashboard or the Create SCIM Connection API) with okta as the IdP.
Click save and you'll create a SCIM Connection with a Base URL and Bearer Token.
Leave this tab open and navigate back to Okta to input the returned credentials.
3. Configure Okta SCIM settings
Navigate to the new “Provisioning” tab in the application view of Okta. Edit the SCIM Connection settings and change the Authentication mode to HTTP Header. Copy the Stytch SCIM Connection Base URL into the “SCIM connector base URL” field and copy the returned HTTP Bearer Token into the HTTP Header Authorization Bearer Token field.
Set the Unique identifier to userName and select all Push provisioning actions.
Your connection settings should look as follows:
Save.
4. Provision users
Once saved, you can test the SCIM integration by assigning people to the application or removing them from it, and seeing these changes propagate to your Stytch Member records. You can also configure webhooks to receive notifications in your system when changes occur.
5. (Optional) Configure webhooks
To notify your own system of changes that occur via SCIM, you can configure webhooks.
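To confirm the credentials from step 2 and the provisioning result from step 4 outside of Okta, the following added example (not Stytch's or Okta's own code) builds a SCIM user lookup by `userName` using HTTP Header bearer authentication and reads the `active` flag from the response. It assumes the Base URL serves the standard RFC 7644 `/Users` endpoint; the environment variable names, the example host and the sample response are constructed for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample of a SCIM ListResponse, used for offline checks only.
SAMPLE = json.dumps({
    "schemas": [LIST_SCHEMA], "totalResults": 1,
    "Resources": [{"id": "constructed-id", "userName": "alice@example.test", "active": False}],
})


def build_probe(base_url: str, bearer_token: str, user_name: str) -> urllib.request.Request:
    """Build GET {base}/Users?filter=userName eq "<name>" with a Bearer header."""
    base = base_url.strip().rstrip("/")
    parts = urllib.parse.urlsplit(base)
    # The bearer token is a long-lived secret: refuse to send it over plain HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM base URL must be an absolute https:// URL")
    token = bearer_token.strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError("bearer token is empty or contains whitespace")
    # json.dumps quotes and escapes the value so it cannot break out of the filter.
    query = urllib.parse.urlencode(
        {"filter": f"userName eq {json.dumps(user_name)}"}, quote_via=urllib.parse.quote)
    return urllib.request.Request(f"{base}/Users?{query}", headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/scim+json",
    })


def summarize(body: str) -> dict:
    """Map userName -> active (None if absent); reject non-ListResponse bodies."""
    doc = json.loads(body)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    return {r["userName"]: r.get("active") for r in doc.get("Resources", [])}


if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps the
    # token out of argv and shell history.
    req = build_probe(os.environ["SCIM_BASE_URL"], os.environ["SCIM_BEARER_TOKEN"],
                      "alice@example.test")
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(summarize(resp.read().decode()))
```
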