Okta CEM Reference App

Two flows, two user namespaces.

This app implements the same end goal — Okta governing access to a custom application — through two distinct integration models. Each flow is backed by its own Okta app and provisions its own users via SCIM. Pick a flow to demo.

BYO

BYO Entitlements

Plain SAML 2.0 + IGA-managed entitlement attributes. Catalog values live in Okta and grants flow at SAML login. Optional SCIM provisioning into the BYO user namespace.

  • Okta IGA Entitlement Management defines attribute values
  • SAML attribute statements appuser.access + appuser.role
  • SCIM endpoint at /byo/scim/v2 for the BYO Okta app
Not configured — add via /admin/integrations SCIM

Governance with SCIM 2.0

Okta IGA discovers the catalog from the app and SCIM-PATCHes user grants in real time. Bidirectional, full IGA features. Provisions into the SCIM user namespace.

  • Okta imports /scim/scim/v2/Roles + /scim/scim/v2/Entitlements
  • App receives grants via SCIM PATCH on /scim/scim/v2/Users/{id}
  • Dashboard reads grants from the local DB
Try the SCIM demo →
Sign in to admin

Manage the entitlement catalog, SAML integrations, and provisioned users.

Hosted at iga.salteau.ca.