To enable SCIM, you first need an existing application in Okta. If you haven't created an application yet, please follow these instructions.
After creating the application for the Okta SCIM connection, follow these steps:
Log in to your Okta account and navigate to Applications > Applications. Alternatively, you can visit the following path: /admin/apps/active on your Okta project base URL to view the list of existing applications.
In the list, find and click on your application.
In the General tab, click Edit, check the Enable SCIM provisioning checkbox, and click the Save button.
Open the Sign On tab and click the Edit button. In the Credential Details section, select Custom as the Application username format and enter the user.email in the expression input that has been shown. Then click the Save button.
Select the Provisioning tab. If it hasn’t been added to your application, refresh the page, then click the Edit button.
Fill in the SCIM Connector Base URL with the SCIM endpoint base URL from the SAML Single Sign-On page.
Enter userName in the Unique Identifier field for user input.
Check the Push New Users and Push Profile Updates checkboxes.
Select HTTP Header from the Authentication Mode dropdown.
Use the token you created with the Manage Users with SCIM scope to populate the Authorization field.
Click the Test connection button
If everything has been configured correctly according to the manual, the “Connector configured successfully” message will appear.
Click the Close button, then click the Save button to persist the configurations.
After saving the connection information, you'll see the To App menu in the left pane of the Provisioning tab. Click on it, then click the Edit button at the top of the page. Check the Enable checkboxes for Create Users, Update User Attributes, and Deactivate Users to reflect all of your actions in PowerDMARC.
Scroll to the end of the To App menu, where SCIM2 Attribute Mappings is located, and in the Attributes section, delete all deletable records except the Display Name field by clicking the x icon next to each record.
In the left pane, go to Directory > Profile Editor (accessible at the path: /admin/universaldirectory).
In the list, find and click on your application.
Given Name and Family Name are required by default. Open these two records by clicking the pen icon, uncheck the Attribute Required checkbox, then click Save Attribute to persist the changes.
From now on, users who have been assigned to this application will be sent to PowerDMARC.