Examples of Synchronization from Okta via SCIM

Tencent Cloud Organization

Product Introduction

Operation Guide

Organization Settings

Usage Limitations Description

Creating Organization

Viewing Organization Information

Deleting Organization

Viewing Invitation Information

Accepting or Rejecting Invitation

Quitting Organization

Department Management

Creating Department

Modifying Department Information

Deleting Department

Moving Member

Member Account Management

Viewing Member List and Basic Information

Removing Organization Member

Adding Organization Member

Canceling Member Invitation

Binding Tags to Members and Departments

Creating Member Login Permission

Configuring Member Login Permission

Authorizing Sub-Users to Log in to Member Accounts

Configuring Message Subscription for Created Member

Binding Security Information for Members

Deleting Created Organization Member

Enabling Member Deletion Permission

Member Finance Management

Organization Finance Overview

Finance Management Mode

Unified Organization Payment Mode (Pay-on-Behalf)

Pay-on-Behalf Mode Access Requirements

Supported Capabilities and Rules

Member Self-Pay Mode

Member Access Management

Service Control Policy

Overview

Enabling Service Control Policy

Creating Custom Service Control Policy

Viewing Service Control Policy Details

Modifying Custom Service Control Policy

Deleting Custom Service Control Policy

Binding Custom Service Control Policy

Unbinding Custom Service Control Policy

Disabling Service Control Policy

Resource Management

Resource Sharing

Overview

Management of Shared Resources by the Sharer

Sharing Resources with Any Account

Sharing Resources Only Within Group Accounts

Additional Operations

Viewing Shared Units

Editing a Shared Unit

Deleting Shared Units

Management of Shared Resources by the Shared User

Viewing Details of Shared Resources

Shared User's Acceptance or Rejection of Joining a Shared Unit

Exiting a Shared Unit

Organization Service Management

Overview

Managing Delegated Admin Account

Member Audit

Auditing Member Log

Identity Center Management

Introduction to Identity Center

Basic Concepts

Identity Center Use Cases

Activate Services

Manage Users

Manage User Groups

Settings

SCIM Synchronization

Managing SCIM Keys

Enabling or Disabling SCIM Synchronization

Examples of SCIM Synchronization

Examples of Synchronization from Azure AD via SCIM

Examples of Synchronization from Okta via SCIM

Examples of Synchronization from OneLogin via SCIM

Synchronizing Users with OneLogin

Synchronizing User Groups with OneLogin

SCIM 2.0 API

SSO Login

Manage SSO

Manage Permission Configuration

Overview of Permission Configuration

Permission Configuration

Manage Preset Policies

Manage Custom Policies

Redeploy Permission Configuration

Undeploy Permission Configuration

Manage Multi-account Authorization

Overview of Multi-Account Authorization

Configure CAM Role Synchronization

View/Modify/Delete Authorization

Manage CAM User Synchronization

Configure CAM User Synchronization

View/Modify/Delete User Synchronization

User Login

Identity Center User Login

Get a Temporary Access Credential

API Documentation

Making API Requests

Organization Settings APIs

Department and Member Management APIs

AddOrganizationNode

UpdateOrganizationNode

DeleteOrganizationNodes

DescribeOrganizationNodes

InviteOrganizationMember

CreateOrganizationMember

UpdateOrganizationMember

DeleteOrganizationMembers

DescribeOrganizationMembers

MoveOrganizationNodeMembers

AddOrganizationMemberEmail

UpdateOrganizationMemberEmailBind

DescribeOrganizationMemberEmailBind

SendOrgMemberAccountBindEmail

ListOrganizationIdentity

DescribeOrganizationMemberAuthIdentities

DescribeOrganizationMemberPolicies

BindOrganizationMemberAuthAccount

CancelOrganizationMemberAuthAccount

DescribeOrganizationMemberAuthAccounts

CreateOrganizationMemberPolicy

Unified Member Login APIs

CreateOrganizationIdentity

UpdateOrganizationIdentity

DeleteOrganizationIdentity

CreateOrganizationMemberAuthIdentity

DeleteOrganizationMemberAuthIdentity

CreateOrganizationMembersPolicy

DeleteOrganizationMembersPolicy

Organization Service Management APIs

ListOrganizationService

CreateOrgServiceAssign

DeleteOrgServiceAssign

ListOrgServiceAssignMember

Resource Sharing APIs

DeleteShareUnitMembers

AcceptJoinShareUnitInvitation

RejectJoinShareUnitInvitation

DescribeShareUnitMembers

AddShareUnitResources

DeleteShareUnitResources

DescribeShareUnitResources

DescribeShareAreas

Identity Center Management APIs

OpenIdentityCenter

DescribeIdentityCenter

UpdateZone

GetZoneStatistics

Identity Center User Management APIs

Identity Center User Group Management APIs

ListJoinedGroupsForUser

Identity Center Management SCIM Synchronization APIs

CreateSCIMCredential

DeleteSCIMCredential

UpdateSCIMCredentialStatus

UpdateSCIMSynchronizationStatus

GetSCIMSynchronizationStatus

ListSCIMCredentials

Identity Center Single Sign-On Management APIs

AddExternalSAMLIdPCertificate

ClearExternalSAMLIdentityProvider

GetExternalSAMLIdentityProvider

GetZoneSAMLServiceProviderInfo

ListExternalSAMLIdPCertificates

RemoveExternalSAMLIdPCertificate

SetExternalSAMLIdentityProvider

Identity Center Permission Configuration Management APIs

ListRoleConfigurationProvisionings

CreateRoleConfiguration

ListRoleConfigurations

ListPermissionPoliciesInRoleConfiguration

GetRoleConfiguration

RemovePermissionPolicyFromRoleConfiguration

UpdateCustomPolicyForRoleConfiguration

UpdateRoleConfiguration

AddPermissionPolicyToRoleConfiguration

DeleteRoleConfiguration

Identity Center Multi-Account Authorization Management APIs

CreateRoleAssignment

DeleteRoleAssignment

DismantleRoleConfiguration

ProvisionRoleConfiguration

ListRoleAssignments

ListTasks

GetTaskStatus

Identity Center Sub-User Synchronization Management APIs

ListUserSyncProvisionings

CreateUserSyncProvisioning

DeleteUserSyncProvisioning

GetProvisioningTaskStatus

GetUserSyncProvisioning

UpdateUserSyncProvisioning

Data Types

Error Codes

TCO API 2018-12-25

Related Agreement

Statement of Tencent Cloud Customers’ Tencent Cloud Organization

FAQs

DocumentationTencent Cloud OrganizationOperation GuideIdentity Center ManagementSettingsSCIM SynchronizationExamples of SCIM SynchronizationExamples of Synchronization from Okta via SCIM

Examples of Synchronization from Okta via SCIM

Download PDF

Last updated: 2025-04-10 14:49:08

Examples of Synchronization from Okta via SCIM

Last updated: 2025-04-10 14:49:08

Download PDF

This document introduces how to synchronize users or user groups in Okta to Tencent Cloud Identity Center through SCIM protocol.
Configuring in the Identity Center
Step 1: Enable SCIM Sync
1. Log in to Tencent Cloud Organization > Identity Center.
2. In the left sidebar, click User Management > Settings.
3. In the SCIM User Synchronization Configuration area, click 
﻿
. In the popup window, click Enabled to enable SCIM synchronization. 
﻿
4. Enabled. In the SCIM User Synchronization Configuration area, view or copy SCIM server address. This address will be used when configuring SCIM synchronization in the external IdP.
Chinese: https://scim.tencentcloudsso.com/scim/v2
International: https://scim.tencentcloudssointl.com/scim/v2
﻿
Step 2: Create a SCIM Key
1. In the SCIM User Synchronization Configuration area, click Generate New SCIM Key.
﻿
2. In the Create CredentialSecret dialog box, you can save the SCIM key by downloading a CSV file or copying. After saving the key, click OK.
﻿
Okta Configuration
Step 1: Create an Application in Okta
1. Log in to Okta. In the left sidebar, select Applications > Applications. Then enter all Applications and click Create APP Integration to Create an application.
﻿
2. In the pop-up Create a new app integration window, select SAML 2.0 and click Next.
﻿
3. Enter the Create SAML Integration page and complete the application configuration.
3.1 On the General Settings page, fill in App name and click Next.
﻿
3.2 On the Configure SAML page, fill in Single sign-on URL and Audience URL(SP Entity ID). This information corresponds to Identity Center > User Management > Settings > SSO Login, Service Provider(SP) Information in ACS URL and Entity ID. After completing the filling, click Next.
﻿
3.3 On the Feedback page, select Contact app vendor and click Finish to complete application creation.
﻿
Step 2: Configure Basic Information for SCIM Synchronization
1. In the left sidebar, select Applications > Applications, then enter all applications and select the target application.
﻿
2. On the General page, click Edit. Then, set the Provisioning option to SCIM. Click Save. The Provisioning tab will appear.
﻿
3. On the Provisioning page, click Edit to proceed with editing. Fill in content as follows:
SCIM connector base URL: fill in SCIM Server Address.
China site: https://scim.tencentcloudsso.com/scim/v2
International site: https://scim.tencentcloudssointl.com/scim/v2
Unique identifier field for users: fill in userName.
Supported provisioning actions: Select all.
Authentication Mode: select HTTP Header.
Authorization: fill in the CredentialSecret obtained from Step 2: Create a SCIM Key.
﻿
4. Test the connection. Click Test Connector Configuration, and then view the test results.
If the test is successful, click Save. Otherwise, modify the configuration until the test is successful.
﻿
5. After the test is successful, the To App tab appears on the left side of the Provisioning page. In the Provisioning to App area on the To App page, click Edit.
Check Enable in Create Users, Update User Attributes and Deactivate Users, and click Save to complete the configuration.
﻿
Step 3: Synchronize User/Synchronize User Groups
Synchronize User
Synchronize User Groups
Synchronize User
1. On the Assignments page, click Assign, select Assign to People to assign users to the application.
﻿
2. In the Assign okta_test to People pop-up window, select the target user and click Assign. Click Save and Go Back in the new window to start sync.
﻿
3. Synchronized users are displayed on the People page.
﻿
Result Verification
1. Log in to TCO > Identity Center.
2. Click User Management > User in the left sidebar, view the List of Users page. The source of synchronized users will be automatically identified as External Import.
﻿
Synchronize User Groups
Synchronizing user groups requires two steps: first assign user groups to applications via Assignments, then synchronize user groups to the identity center via Push Groups.
1. Assign user groups to applications.
1.1 On the Assignments page, click the Assign button and select Assign to Groups.
﻿
1.2 In the Assign okta_test to Groups pop-up window, select the target user group and click Assign. Click Save and Go Back in the new window to complete the assignment.
﻿
1.3 Allocated users are displayed on the Groups page.
﻿
2. Synchronize user groups to the identity center via Push Groups.
2.1 On the Push Groups page, click Push Groups and select Find groups by name.
﻿
2.2 Search for the user group name, select it, and click Save to start syncing the target user group.
﻿
2.3 Synchronized user groups are displayed on the Push Groups page.
﻿
Result Verification
1. Log in to Tencent Cloud Organization > Identity Center.
2. Click User Management > User Groups in the left sidebar, view the user group list. The source of synchronized user groups will be automatically identified as External Import.
﻿
﻿