-
Notifications
You must be signed in to change notification settings - Fork 625
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f01a772
commit e1b984b
Showing
1 changed file
with
1 addition
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| | ----------------- | ------------ | | ||
| | **Base URL** `*` | Specify the base URL for your SCIM server. The base URL must support the HTTPS protocol. If you're using a per tenant design, include the variable names that you created in your URL. For example:` 'https://' + app.subdomain + '.example.com/scim2/' `. See [Dynamic properties with Okta Expression Language](#dynamic-properties-with-okta-expression-language).<br>The maximum field length is 1024 characters. | | ||
| | **What objects do you want Okta to manage in your integration?** `*` | Select the objects that you want Okta to manage with your SCIM integration. <br> <ul><li> **Users**: Okta manages users in your app by default. </li><li> **Groups**: Select this option if you also want Okta to manage groups in your app.</li></ul> | | ||
| | **Authentication mode** `*` | Select the authentication mode to make outbound calls to your SCIM server. <br> <ul><li> **Header**: Uses authorization header with a customer-provided token in the following format: `Authorization: {API token}` </li><li> **Bearer**: Uses authorization header with a customer-provided bearer token in the following format: `Authorization: Bearer {API token}`</li><li> **OAuth 2**: Uses OAuth 2.0 authorization code grant flow with the following:<br> <ul><li>**Authorize endpoint**: Specify the authorize endpoint. The endpoint URL must support the HTTPS protocol. For example: `https://myexample.com/oauth2/auth`<br> You can specify a dynamic endpoint URL. See [Dynamic properties with Okta Expression Language](#dynamic-properties-with-okta-expression-language).</li><li>**Token endpoint**: Specify the token endpoint. The endpoint URL must support the HTTPS protocol. For example: `https://myexample.com/oauth2/token`<br> You can specify a dynamic endpoint URL. See [Dynamic properties with Okta Expression Language](#dynamic-properties-with-okta-expression-language).</li><li>**Client ID**: Specify the client ID.</li><li>**Client secret**: Specify the client secret.</li></ul> </li></ul> **Note**: Basic authentication isn't supported. See [SCIM integration limitations](/docs/guides/submit-app-prereq/main/#scim-integration-limitations). | | ||
| | **Authentication mode** `*` | Select the authentication mode to make outbound calls to your SCIM server. <br> <ul><li> **Header**: Uses authorization header with a customer-provided token in the following format: `Authorization: {API token}` </li><li> **Bearer**: Uses authorization header with a customer-provided bearer token in the following format: `Authorization: Bearer {API token}`</li><li> **OAuth 2**: Uses OAuth 2.0 authorization code grant flow with the following:<br> <ul><li>**Authorize endpoint**: Specify the HTTPS authorize endpoint. For example: `https://myexample.com/oauth2/auth`<br> You can specify a dynamic endpoint URL. See [Dynamic properties with Okta Expression Language](#dynamic-properties-with-okta-expression-language).</li><li>**Token endpoint**: Specify the HTTPS token endpoint. For example: `https://myexample.com/oauth2/token`<br> You can specify a dynamic endpoint URL. See [Dynamic properties with Okta Expression Language](#dynamic-properties-with-okta-expression-language).</li><li>**Client ID**: Specify the client ID.</li><li>**Client secret**: Specify the client secret.</li></ul> </li></ul> **Note**: Basic authentication isn't supported. See [SCIM integration limitations](/docs/guides/submit-app-prereq/main/#scim-integration-limitations). | | ||
| | **User operations** `*` | Select user operations for your SCIM integration. <br> <ul><li> **Create**: Okta can create users in your app.</li><li> **Read** `*`: Okta can read users from your app.</li><li>**Update**: Okta can update users in your app.</li><li>**Change password**: Okta can update user passwords in your app.</li><li>**Deactivate**: Okta can deactivate users in your app.</li><li>**Support PATCH for User**: Okta can update users with the PATCH method in your app. </li> </ul> **Note**: **Import users** capability is enabled by default. **Profile sourcing** isn't supported, contact the [OIN team](mailto:[email protected]) if your integration must support this capability.| | ||
| | **Group operations** | Group operations for your SCIM integration. These are all selected by default if your integration manages the **Groups** object. <br> <ul><li> **Create**: Okta can create groups in your app.</li><li> **Read** `*`: Okta can read groups from your app.</li><li>**Update (Uses PATCH)**: Okta can update groups in your app with the PATCH method.</li> <li> **Delete**: Okta can delete groups in your app.</li> </ul> **Note**: **Import groups** capability is enabled by default.| | ||
| | **Link to configuration guide** `*` | Specify the URL link to your customer-facing instructions on how to configure SCIM provisioning between Okta and your app. See [Customer configuration document guidelines](/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).| | ||
|
|
||