Configuring OAuth for SCIM in Okta

Follow these steps to configure OAuth2 authentication for SCIM provisioning in Okta.

About this task

Okta supports OAuth2 as an authentication method for SCIM provisioning. This section explains how to set up OAuth2 integration between Okta and Faspex.

Procedure

  1. In Okta, go to Provisioning > Integration and set the Authentication Mode to OAuth2.
  2. Enter the following values in Okta:
    • Access token endpoint URI: https://{your_faspex_domain}/aspera/faspex/auth/token/
    • Authorization endpoint URI: https://{your_faspex_domain}/aspera/faspex/auth/authorize
  3. To generate the Client ID and Client Secret, log in to the Faspex UI and follow these steps:
    1. Go to Admin > Configurations > API Clients.
    2. Click Create New.
    3. Enter a name for the API client.
    4. Enable the following options:
      • Enable JWT grant type
      • Allow refresh token
    5. Add the following redirect URIs:
      
https://system-admin.okta.com/admin/app/cpc/{appName}/oauth/callback
https://system-admin.okta-emea.com/admin/app/cpc/{appName}/oauth/callback
https://system-admin.oktapreview.com/admin/app/cpc/{appName}/oauth/callback
https://system-admin.trexcloud.com/admin/app/cpc/{appName}/oauth/callback

      Refer to the Okta documentation to find your {appName}: Find appName in Okta

    6. Set the Access token and Refresh token expiration times to 7 days for both.
    7. Click Create to generate the Client ID and Client Secret.
  4. Back in Okta, use the generated Client ID and Client Secret to fill in the corresponding fields.
  5. Click Save in Okta.
  6. Click Test Connector Configuration to verify that the authentication works as expected.