SCIM metadata syncing

jmarkleyrepay · July 21, 2025, 5:04pm

Hello, I am looking for some guidance on OKTA and SCIM setup, on the OKTA side, I have these 2 variables: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.org_id and urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager is being passed from Okta I can see on my app meta data user that the manager is there, but org_id isn’t being added, however, in the auth0 log I can see the org_id being passed correctly. So I am trying to understand why the org_id isn’t coming over when manager is and how I can debug this issue further?

Here’s a log from a SCIM user being created when it is added to the application on the OKTA side we can see the org_id in the logs.

{
  "date": "2025-07-21T16:48:23.988Z",
  "type": "sscim",
  "description": "Creates the requested user",
  "client_name": "",
  "ip": "--",
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "details": {
    "action": "create_user",
    "connection_id": "con_XjhoU666xvVYKWLd",
    "request": {
      "method": "post",
      "path": "/scim/v2/connections/con_XjhoU666xvVYKWLd/Users",
      "query": {},
      "userAgent": "Okta SCIM Client 1.0.0",
      "ip": "--",
      "body": {
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User",
          "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
        ],
        "userName": "jm@example.com",
        "name": {
          "givenName": "--",
          "familyName": "--"
        },
        "emails": [
          {
            "primary": true,
            "value": "jm@example.com",
            "type": "work"
          }
        ],
        "title": "Software Engineer",
        "displayName": "J M",
        "locale": "en-US",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
          "department": "IT",
          "manager": {
            "displayName": "B O"
          },
          "org_id": "36084144-c2c5-440b-8f86-398f749c4a83"
        },
        "externalId": "00uh3grt7lhxGPCgp696",
        "groups": [],
        "password": "*****",
        "active": true
      }
    },
    "response": {
      "statusCode": 201,
      "body": {
        "userName": "jm@example.com",
        "emails": [
          {
            "primary": true,
            "value": "jm@example.com"
          }
        ],
        "externalId": "00uh3grt7lhxGPCgp696",
        "active": true,
        "displayName": "J M",
        "name": {
          "givenName": "J",
          "familyName": "M"
        },
        "nickName": "jm",
        "photos": [
          {
            "type": "photo",
            "value": "https://s.gravatar.com/avatar/7f9f4cf0b3aff23652e2df744696ebd7?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fps.png"
          }
        ],
        "title": "Software Engineer",
        "locale": "en-US",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
          "organization": "36084144-c2c5-440b-8f86-398f749c4a83",
          "department": "IT",
          "manager": {
            "displayName": "B O"
          }
        },
        "id": "samlp|36084144-c2c5-440b-8f86-398f749c4a83-foo-samlp-0|jm@example.com",
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User",
          "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
        ],
        "meta": {
          "resourceType": "User",
          "lastModified": "2025-07-21T16:48:23.978Z",
          "created": "2025-07-21T16:48:23.978Z",
          "location": "/scim/v2/connections/con_XjhoU666xvVYKWLd/Users/samlp%7C36084144-c2c5-440b-8f86-398f749c4a83-foo-samlp-0%7Cphscarboro%40foo.com"
        }
      }
    }
  },
  "environment_name": "foo",
  "log_id": "90020250721164823996280000000000000001223372036957395361",
  "tenant_name": "platform-dev",
  "_id": "90020250721164823996280000000000000001223372036957395361",
  "isMobile": false,
  "location_info": {},
  "id": "90020250721164823996280000000000000001223372036957395361"
}

dawid.matuszczyk · July 31, 2025, 4:14pm

Hi @jmarkleyrepay

Welcome to the Auth0 Community!

Thank you for posting your question. I’m not an expert on this matter, but based on our documentation → https://auth0.com/docs/authenticate/protocols/scim/configure-inbound-scim#attribute-mapping and RFC 7643 - System for Cross-domain Identity Management: Core Schema, you need to change the mapping on the OKTA side from the org_id to organization. I would also advise you to check the Okta Help Center (Lightning), where Okta experts can help you solve your question!

Thanks
Dawid

system · August 14, 2025, 4:14pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add custom SCIM attribute in Inbound SCIM connection Get Help connections , oidc-enterprise-connection	3	111	April 1, 2025
When SCIM enabled on an OKTA Workforce Enterprise connection app_metadata is deleted rather than merged after an update Get Help connections , saml-enterprise-connection	1	101	March 28, 2025
SCIM Support at Auth0 Knowledge Articles scim	1	5612	May 29, 2023
User Attributes Lost after Login for a SCIM-Enabled Enterprise Connection Knowledge Articles	1	21	May 7, 2025
Support SCIM Provisioning for Auth0 Tenant Product Feedback auth0	2	1690	July 19, 2024

SCIM metadata syncing

Related topics