Totara Talent Experience Platform Open Discussions

SCIM support

 
Lloyd Wilson
SCIM support
by Lloyd Wilson - Wednesday, 1 December 2021, 7:38 PM
 

Are there any plans in Totara's roadmap to build a SCIM integration for the provisioning of user information from Okta?

https://developer.okta.com/docs/concepts/scim/

Craig Eves
Re: SCIM support
by Craig Eves (Totara Support) - Monday, 6 December 2021, 6:44 PM

Hi Lloyd

Not sure how SCIM fits into the picture but you can use the existing OAuth2 authentication plugin for Okta accounts

In the Okta documentation (https://developer.okta.com/docs/reference/api/oidc/), the authorisation endpoint is listed as being 'https://${yourOktaDomain}/oauth2'. All you should need to do is correct the endpoints to point to the Okta domain.

We are in the process of writing some more documentation to help with this and I have shared our unpublished documentation below.

After a service has been set up you can edit it via the 'Edit' column from 'Server > OAuth 2 services' via the Administration menu. 

  • Edit allows you to adjust the settings
  • Configure endpoints allows you to edit, delete, or add endpoint URLs.

The issuer's endpoints are the URLs which Totara connects to. There are three endpoints required for user authentication: authorization_endpoint, token_endpoint and userinfo_endpoint.

For Google, Microsoft, Facebook, Nextcloud services you will not need to configure these endpoints, as these will be URLs for the OAuth provider. For example, an endpoint for Google would be https://accounts.google.com/o/oauth2/v2/auth. For custom services, you will need to add the endpoints.

When configuring the endpoints for a service you can add more endpoints by clicking 'Create new endpoint' for issuer "IssuerName", then add the endpoint name and URL.

  • Configure user field mappings allows you to edit, delete, or create mappings between user data fields on the issuer site and your Totara site to ensure the correct information is brought across
  • Delete allows you to remove that service
  • Disable or Enable - disabling a service means that it can no longer be used but all of the configuration information is kept in the system for future use.

I hope that helps and do let us know how you get on. :)
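Before pasting the three URLs into 'Configure endpoints', it is worth pulling them from the provider's OpenID Connect discovery document and checking that each one is HTTPS and on the provider's own host, since a mistyped or foreign host there would send the authorization code and the user's profile data to the wrong place. The script below is an added example, not Totara or Okta code. It assumes the provider publishes a standard discovery document at <issuer>/.well-known/openid-configuration; the document and the example.okta.com domain in it are constructed for illustration.

```python
"""Check an OIDC discovery document for the three endpoints a Totara
OAuth 2 service needs (authorization_endpoint, token_endpoint,
userinfo_endpoint) before entering them under 'Configure endpoints'.

Added example, not Totara or Okta code. SAMPLE_DISCOVERY is constructed
for the example; a live provider serves the real document at
<issuer>/.well-known/openid-configuration (assumption: the provider
follows OpenID Connect Discovery).
"""
import json
from urllib.parse import urlparse
from urllib.request import urlopen

# Endpoint names Totara asks for, as named in the post above.
TOTARA_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")

# Constructed sample document; the shape follows OpenID Connect Discovery,
# the domain is a placeholder and not a real tenant.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://example.okta.com/oauth2/default",
    "authorization_endpoint": "https://example.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/default/v1/token",
    "userinfo_endpoint": "https://example.okta.com/oauth2/default/v1/userinfo",
    "jwks_uri": "https://example.okta.com/oauth2/default/v1/keys",
})


def endpoint_problems(discovery_json: str, expected_host: str) -> list:
    """Return a list of human-readable problems; an empty list means the
    three endpoints are present, HTTPS, and on expected_host."""
    doc = json.loads(discovery_json)
    problems = []
    issuer_host = urlparse(doc.get("issuer", "")).hostname
    if issuer_host != expected_host:
        problems.append(f"issuer host {issuer_host!r} != expected {expected_host!r}")
    for name in TOTARA_ENDPOINTS:
        url = doc.get(name)
        if not url:
            problems.append(f"discovery document lacks {name}")
            continue
        parts = urlparse(url)
        if parts.scheme != "https":
            problems.append(f"{name} is not HTTPS: {url}")
        if parts.hostname != expected_host:
            problems.append(f"{name} points at {parts.hostname!r}, expected {expected_host!r}")
    return problems


def extract_totara_endpoints(discovery_json: str, expected_host: str) -> dict:
    """Return {endpoint_name: url} for the three endpoints Totara needs,
    raising ValueError if endpoint_problems() found anything."""
    problems = endpoint_problems(discovery_json, expected_host)
    if problems:
        raise ValueError("; ".join(problems))
    doc = json.loads(discovery_json)
    return {name: doc[name] for name in TOTARA_ENDPOINTS}


def fetch_discovery(issuer: str, timeout: float = 10.0) -> str:
    """Download the discovery document for a live issuer (needs network access)."""
    url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline run against the constructed sample; swap in
    # fetch_discovery("https://<your-domain>/oauth2/default") for a live tenant.
    for name, url in extract_totara_endpoints(SAMPLE_DISCOVERY, "example.okta.com").items():
        print(f"{name}: {url}")
```

The host check is deliberately strict: it compares the hostname of every endpoint against the host you expect, rather than trusting whatever the document says, so a document fetched over a misconfigured proxy or from the wrong URL is rejected rather than silently copied into Totara.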


Lloyd Wilson
Re: SCIM support
by Lloyd Wilson - Monday, 6 December 2021, 8:39 PM
 

Thanks for that, Craig.

Authentication is all fine, the issue has been that for provisioning, Totara does not seem to support the SCIM standard and SOAP or REST must be used. For us, that means using an intermediary service like Snaplogic to present the data as something acceptable to Totara. While this works for the most part, there is a lot that can go wrong with such a complicated workflow.

I will pass on your comments to our developers to see if it sheds any light on improvements that could be made.