SCIM metadata syncing

Hello, I am looking for some guidance on OKTA and SCIM setup, on the OKTA side, I have these 2 variables: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.org_id and urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager is being passed from Okta I can see on my app meta data user that the manager is there, but org_id isn’t being added, however, in the auth0 log I can see the org_id being passed correctly. So I am trying to understand why the org_id isn’t coming over when manager is and how I can debug this issue further?

Here’s a log from a SCIM user being created when it is added to the application on the OKTA side we can see the org_id in the logs.

{
  "date": "2025-07-21T16:48:23.988Z",
  "type": "sscim",
  "description": "Creates the requested user",
  "client_name": "",
  "ip": "--",
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "details": {
    "action": "create_user",
    "connection_id": "con_XjhoU666xvVYKWLd",
    "request": {
      "method": "post",
      "path": "/scim/v2/connections/con_XjhoU666xvVYKWLd/Users",
      "query": {},
      "userAgent": "Okta SCIM Client 1.0.0",
      "ip": "--",
      "body": {
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User",
          "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
        ],
        "userName": "jm@example.com",
        "name": {
          "givenName": "--",
          "familyName": "--"
        },
        "emails": [
          {
            "primary": true,
            "value": "jm@example.com",
            "type": "work"
          }
        ],
        "title": "Software Engineer",
        "displayName": "J M",
        "locale": "en-US",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
          "department": "IT",
          "manager": {
            "displayName": "B O"
          },
          "org_id": "36084144-c2c5-440b-8f86-398f749c4a83"
        },
        "externalId": "00uh3grt7lhxGPCgp696",
        "groups": [],
        "password": "*****",
        "active": true
      }
    },
    "response": {
      "statusCode": 201,
      "body": {
        "userName": "jm@example.com",
        "emails": [
          {
            "primary": true,
            "value": "jm@example.com"
          }
        ],
        "externalId": "00uh3grt7lhxGPCgp696",
        "active": true,
        "displayName": "J M",
        "name": {
          "givenName": "J",
          "familyName": "M"
        },
        "nickName": "jm",
        "photos": [
          {
            "type": "photo",
            "value": "https://s.gravatar.com/avatar/7f9f4cf0b3aff23652e2df744696ebd7?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fps.png"
          }
        ],
        "title": "Software Engineer",
        "locale": "en-US",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
          "organization": "36084144-c2c5-440b-8f86-398f749c4a83",
          "department": "IT",
          "manager": {
            "displayName": "B O"
          }
        },
        "id": "samlp|36084144-c2c5-440b-8f86-398f749c4a83-foo-samlp-0|jm@example.com",
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User",
          "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
        ],
        "meta": {
          "resourceType": "User",
          "lastModified": "2025-07-21T16:48:23.978Z",
          "created": "2025-07-21T16:48:23.978Z",
          "location": "/scim/v2/connections/con_XjhoU666xvVYKWLd/Users/samlp%7C36084144-c2c5-440b-8f86-398f749c4a83-foo-samlp-0%7Cphscarboro%40foo.com"
        }
      }
    }
  },
  "environment_name": "foo",
  "log_id": "90020250721164823996280000000000000001223372036957395361",
  "tenant_name": "platform-dev",
  "_id": "90020250721164823996280000000000000001223372036957395361",
  "isMobile": false,
  "location_info": {},
  "id": "90020250721164823996280000000000000001223372036957395361"
}

Hi @jmarkleyrepay

Welcome to the Auth0 Community!

Thank you for posting your question. I’m not an expert on this matter, but based on our documentation → https://auth0.com/docs/authenticate/protocols/scim/configure-inbound-scim#attribute-mapping and RFC 7643 - System for Cross-domain Identity Management: Core Schema, you need to change the mapping on the OKTA side from the org_id to organization. I would also advise you to check the Okta Help Center (Lightning), where Okta experts can help you solve your question!

Thanks
Dawid

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.