Enable provisioning using SCIM API
Learn how to enable provisioning using the SCIM API by configuring OAuth 2.0 client settings and attribute mappings in Okta for Zuora OneID.
- Create an OAuth 2.0 client for authorization code grant type in OneID. For more detailed information, see Manage OAuth 2.0 clients
- Log in to Okta and go to the Applications tab.
- Click the application for Zuora OneID.
- On the General tab, click Edit under App Settings , and then select Provisioning - SCIM . The Provisioning tab opens.
- Click the Integration menu under the Settings section.
- Complete the SCIM Connection settings:
-
SCIM connector base URL:
https://one.zuora.com/scim/v2 -
Unique identifier field for users:
userName -
Supported provisioning actions: Select the Push New Users , Push Profile Updates , and Push Groups checkboxes depending on your requirements
-
Authentication Mode:
OAuth 2 -
Access Token endpoint URI:
https://one.zuora.com/oauth2/token -
Authorization endpoint URI:
https://one.zuora.com/oauth2/authorize -
Client ID: the client ID you received in step 1
-
Client Secret: the client secret you received in step 1
-
- Click Save .
- Click Re-authenticate with <your app name> to authenticate with the Zuora OneID application and generate an authentication token for SCIM provisioning.
- After the Oauth authentication is successful, click To App .
- In the Provisioning to App section, select the Enable checkbox for the following options:
-
Create Users
-
Update User Attributes
-
Deactivate Users
-
- In the Attribute Mappings section, configure attribute mappings. Zuora OneID needs the following attributes:
-
Username
-
Given name
-
Family Name
-
Email
-
Primary email type
-
Preferred language
-
Locale Name
-
For more information, see Add SCIM provisioning to app integrations.