Directory Sync
Configure SCIM 2.0 directory synchronization for enterprise organizations with the TypeScript SDK.
Directory sync uses SCIM 2.0 to automatically provision and deprovision users from enterprise identity providers (Okta, Microsoft Entra ID, Google Workspace, OneLogin, etc.).
createDirectorySync()
Enable directory sync for an organization.

```typescript
client.admin.createDirectorySync(params: CreateDirectorySyncParams): Promise<DirectorySync>
```

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| organizationId | string | yes | Organization ID |
| name | string | yes | Display name (e.g., "Okta SCIM") |
| provider | string | no | Provider hint ("okta", "entra", "google", "onelogin", "generic") |

Returns

```typescript
interface DirectorySync {
  id: string;
  organizationId: string;
  name: string;
  scimBaseUrl: string; // SCIM endpoint URL to configure in the IdP
  scimToken: string; // Bearer token for SCIM auth (shown once)
  status: "active" | "inactive";
  provider: string;
  lastSyncAt: string | null;
  userCount: number;
  groupCount: number;
  createdAt: string;
}
```

Basic usage

```typescript
const directory = await client.admin.createDirectorySync({
  organizationId: "org_abc123",
  name: "Okta User Provisioning",
  provider: "okta",
});
console.log("Configure these in your identity provider:");
console.log(" SCIM Base URL:", directory.scimBaseUrl);
console.log(" Bearer Token:", directory.scimToken);
console.log("\nSave the token -- it will not be shown again.");
```

listDirectorySyncs()

```typescript
const result = await client.admin.listDirectorySyncs({
  organizationId: "org_abc123",
});
for (const dir of result.directories) {
  console.log(dir.id, dir.name, dir.status, dir.lastSyncAt, dir.userCount);
}
```

getDirectorySyncStatus()
Check the sync status including recent events and error counts.

```typescript
const status = await client.admin.getDirectorySyncStatus({
  directoryId: "dir_abc123",
});
console.log("Status:", status.status);
console.log("Users synced:", status.userCount);
console.log("Groups synced:", status.groupCount);
console.log("Last sync:", status.lastSyncAt);
console.log("Errors (24h):", status.recentErrors);
```

listDirectoryUsers()
List users provisioned via SCIM.

```typescript
const users = await client.admin.listDirectoryUsers({
  directoryId: "dir_abc123",
  pageSize: 50,
});
for (const user of users.users) {
  console.log(user.email, user.status, user.scimExternalId, user.groups);
}
```

regenerateScimToken()
Regenerate the SCIM bearer token (invalidates the old one immediately).

```typescript
const result = await client.admin.regenerateScimToken({
  directoryId: "dir_abc123",
});
console.log("New SCIM token:", result.scimToken);
console.log("Update this in your identity provider.");
```

deleteDirectorySync()
Disable directory sync. Provisioned users remain but will no longer be synced.

```typescript
await client.admin.deleteDirectorySync({
  directoryId: "dir_abc123",
});
```

Common errors

| Error class | HTTP status | When |
|---|---|---|
| NotFoundError | 404 | Directory not found |
| ForbiddenError | 403 | Insufficient permissions |
| ConflictError | 409 | Directory already exists for this org |
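
A directory that has stopped syncing no longer receives deprovisioning events from the IdP, so accounts removed upstream can stay usable. The following added example (not part of the SDK or the original page) combines listDirectorySyncs() and getDirectorySyncStatus() to flag such directories; the interface shapes, a numeric `recentErrors`, an ISO 8601 `lastSyncAt`, and the thresholds are assumptions.

```typescript
// Added example, not SDK code. Shapes below are assumptions inferred from the
// fields this page prints: recentErrors as a number, lastSyncAt as ISO 8601.
interface SyncStatus {
  status: "active" | "inactive";
  lastSyncAt: string | null;
  recentErrors: number;
}
interface DirectoryAdmin {
  listDirectorySyncs(p: { organizationId: string }):
    Promise<{ directories: { id: string; name: string }[] }>;
  getDirectorySyncStatus(p: { directoryId: string }): Promise<SyncStatus>;
}

// Hypothetical thresholds; tune to how often your IdP pushes changes.
const MAX_SYNC_AGE_HOURS = 24;
const MAX_RECENT_ERRORS = 0;
const HOUR_MS = 60 * 60 * 1000;

// Returns the reasons a directory needs attention (empty array = healthy).
function assessDirectory(s: SyncStatus, now: Date): string[] {
  const findings: string[] = [];
  if (s.status !== "active") findings.push("directory is inactive");
  if (s.lastSyncAt === null) {
    findings.push("never synced");
  } else {
    const ageMs = now.getTime() - Date.parse(s.lastSyncAt);
    if (isNaN(ageMs)) findings.push("unparseable lastSyncAt");
    else if (ageMs > MAX_SYNC_AGE_HOURS * HOUR_MS)
      findings.push(`last sync ${Math.floor(ageMs / HOUR_MS)}h ago`);
  }
  if (s.recentErrors > MAX_RECENT_ERRORS)
    findings.push(`${s.recentErrors} errors in 24h`);
  return findings;
}

// Audits every directory of an organization; healthy directories are omitted.
async function auditOrganization(
  admin: DirectoryAdmin, organizationId: string, now: Date = new Date(),
): Promise<Record<string, string[]>> {
  const report: Record<string, string[]> = {};
  const { directories } = await admin.listDirectorySyncs({ organizationId });
  for (const dir of directories) {
    const status = await admin.getDirectorySyncStatus({ directoryId: dir.id });
    const findings = assessDirectory(status, now);
    if (findings.length > 0) report[`${dir.id} (${dir.name})`] = findings;
  }
  return report;
}
```

Call it as `auditOrganization(client.admin, "org_abc123")` from a scheduled job and alert on any non-empty result; this assumes `client.admin` structurally matches `DirectoryAdmin`.
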
See also
- SSO connections -- SAML/OIDC SSO
- Organizations -- Organization management