Add custom SCIM attribute in Inbound SCIM connection

Get Help
,
1

I’m trying to set up Inbound SCIM provisioning using Okta following Configure Inbound SCIM. However, when I try to use an attribute that is not part of the Core SCIM RFC RFC 7643 sections 3.1, 4.1, and 4.3, the mapping doesn’t work.

I have this mapping:

{
        "scim": "urn:ietf:params:scim:schemas:core:2.0:User.svixOrgGroupRole",
        "auth0": "app_metadata.svix_role"
    }

The SCIM connection is working correctly, but when Okta makes the SCIM request to Auth0, the svixOrgGroupRole seems to be ignored, and app_metadata is not populated.

{
  "action": "update_user",
  "connection_id": "con_7v7aINDfFEUKPS1h",
  "request": {
    "method": "put",
    "path": "/scim/v2/connections/con_7v7aINDfFEUKPS1h/Users/okta%7Coktatest%7C00up5aso88HAixy7R697",
    "query": {},
    "userAgent": "Okta SCIM Client 1.0.0",
    "ip": "44.224.222.198",
    "body": {
      "userName": "...",
      "emails": [...],
      "externalId": "...",
      "active": true,
      "displayName": "...",
      "name": {
        "givenName": "...",
        "familyName": "..."
      },
      "photos": [],
      "userType": "admin",
      "locale": "en-US",
      "id": "...",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ],
      "meta": {
        "resourceType": "User",
        "lastModified": "2025-03-17T17:16:20.389Z",
        "created": "2025-03-12T18:42:50.340Z",
        "location": "/scim/v2/connections/con_7v7aINDfFEUKPS1h/Users/okta%7Coktatest%7C00up5aso88HAixy7R697"
      },
      "svixOrgGroupRole": "viewer",
      "groups": []
    }
  },
  "response": {
    "statusCode": 200,
    "body": {
      "urn:ietf:params:scim:schemas:core:2.0:User": {},
      "userName": "...",
      "emails": [
        {
          "primary": true,
          "value": "..."
        }
      ],
      "externalId": "...",
      "active": true,
      "displayName": "...",
      "name": {
        "givenName": "...",
        "familyName": "..."
      },
      "nickName": "...",
      "photos": [...],
      "userType": "admin",
      "locale": "en-US",
      "id": "...",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ],
      "meta": {
        "resourceType": "User",
        "lastModified": "2025-03-17T17:23:03.359Z",
        "created": "2025-03-12T18:42:50.340Z",
        "location": "/scim/v2/connections/con_7v7aINDfFEUKPS1h/Users/okta%7Coktatest%7C00up5aso88HAixy7R697"
      }
    }
  }
}

Is this expected? How do I add a custom attribute then?

3

Hi @lucho

Welcome back to the Auth0 Community!

Thank you for posting your question. Unfortunately, custom user attributes are not currently supported. I would encourage you to open a new thread in the Product Feedback category, and I will route this to the team responsible for the feature as an opportunity for the future.

Thanks!
Dawid

4

Thanks for the confirmation!

That’d be good to have, but since we need to get this feature built now, I think we are going to use the roles attribute and add a role with a specific type there.

Thanks!

1 Like