Okta Inbound SCIM with Roles Fails with Invalid Payload fscim Error

Overview

This article explains why an Okta inbound SCIM configuration that includes the roles attribute results in a schema validation error with scimType: "invalidSyntax".

The relevant part of the error log:

....
 "response": {
   "statusCode": 400,
   "body": {
    "scimType": "invalidSyntax",
    "schemas": [
     "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "detail": "Invalid payload",
    "status": "400"
   }
...

Applies To

  • SCIM
  • Okta
  • Roles

Cause

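In the SCIM 2.0 specification, roles is defined as a multi-valued attribute; see RFC 7643 Section 4.1.2. Multi-valued attributes are represented as JSON arrays, so a payload that carries roles in any other form does not conform to the schema.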
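
As an added example (not from the original article or from Okta), the following Python check validates the shape of roles against the RFC 7643 User schema before a payload is sent. The function name check_roles and the sample payloads are assumptions constructed for illustration; the receiving SCIM service may apply further rules.

```python
# Added example: checks "roles" against RFC 7643 only; the receiving service may enforce more.
# Sub-attributes the RFC 7643 User schema defines for roles, with their JSON types.
ALLOWED_SUBATTRS = {"value": str, "display": str, "type": str, "primary": bool}

def check_roles(user):
    """Return a list of problems with user['roles']; an empty list means the shape is valid."""
    if "roles" not in user:
        return []  # roles is optional
    roles = user["roles"]
    if not isinstance(roles, list):
        return [f"roles must be a JSON array, got {type(roles).__name__}"]
    problems = []
    primaries = 0
    for i, role in enumerate(roles):
        if not isinstance(role, dict):
            problems.append(f"roles[{i}] must be an object, got {type(role).__name__}")
            continue
        for key, val in role.items():
            expected = ALLOWED_SUBATTRS.get(key)
            if expected is None:
                problems.append(f"roles[{i}].{key} is not a sub-attribute defined for roles")
            elif not isinstance(val, expected):
                problems.append(f"roles[{i}].{key} must be {expected.__name__}")
        if role.get("primary") is True:
            primaries += 1
    if primaries > 1:
        problems.append("primary may be true on at most one roles entry")
    return problems

# Constructed sample payloads (hypothetical, not taken from the article's log).
BAD_STRING = {"userName": "a.user@example.com", "roles": "admin"}
BAD_ITEMS = {"userName": "a.user@example.com", "roles": ["admin", "auditor"]}
GOOD = {"userName": "a.user@example.com",
        "roles": [{"value": "admin", "display": "Administrator", "primary": True},
                  {"value": "auditor", "display": "Auditor"}]}

if __name__ == "__main__":
    for name, payload in [("string", BAD_STRING), ("array of strings", BAD_ITEMS), ("valid", GOOD)]:
        print(name, "->", check_roles(payload) or "ok")
```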

Solution

To understand how to sync application-specific roles from Okta, refer to How to Add Multi-value Roles in SCIM Cloud Integration.