3403742 - SCIM type system OKTA: Client Credentials requests to the Org Authorization Server must use the private_key_jwt token_endpoint_auth_method

Symptom

When trying to set an IPS job to read from the SCIM system Okta, the following error can be seen:

"org.quartz.JobExecutionException: Cannot execute provisioning job in tenant context: <Tenant> 
Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException: Error during execution on behalf of tenant with ID: <Tenant> 
Caused by: com.sap.cloud.ips.runtime.exception.ProvisioningException: Can not read entities from source system: '<Source system>: ee3e2be8-a739-4698-9e85-dc90c3ddcb1f' 
Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: cannot process more entities due to irreparable error Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException:
Oauth request failed with status: 401 and body: {\"error\":\"invalid_client\",\"error_description\":\"Client Credentials requests to the Org Authorization Server must use the private_key_jwt token_endpoint_auth_method.\"}, 
destination: {_ips_runtime_property_provisioning_system_id=xxx, Type=HTTP, User=<username>, systemName=<Source system>, Authentication=BasicAuthentication, 
OAuth2TokenServiceURL= xxx, startTime=xxx, ips.trace.failed.entity.content=false, ProxyType=Internet, URL=xxx, Password=********}"

Environment

Identity Provisioning Services

Product

Identity Provisioning 1.0

Keywords

BasicAuthentication, POSTMAN, OKTA, SCIM , KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.