Best Practices from Oracle Development's A‑Team

Okta user provisioning to Identity Cloud Service

Kiran Thakkar
Consulting Solutions Architect

Update: The issue mentioned below with Okta to IDCS provisioning is fixed. We no longer need any proxy between Okta and IDCS. The updated step-by-step instructions can be found here.

In the last few months, I ran into several Oracle SaaS and PaaS customers that use both Okta and Identity Cloud Service for various use cases. While working with those customers, I figured that we did not have automated user/group provisioning supported by Okta.

As I worked on the integration myself, I figured that there is some incompatibility between Okta's and IDCS's SCIM implementations for Group membership management. To address that issue, I came up with a solution that puts a proxy between Okta and IDCS to fix the group membership updates. For the rest of the API calls, the solution still acts as a pass-through proxy. It is an entirely stateless proxy, so when the issue is resolved, you can remove the proxy and configure Okta to start provisioning to the IDCS endpoint. A couple of proposed proxy implementation diagrams are shown below.

The Identity Cloud Service application is already available in the Okta Integration Network. The application takes care of Single Sign-On as well. You still have to add Okta as an Identity Provider in IDCS. For more details on Single Sign-On configuration, you can refer to one of my previous blogs. Instead of describing the whole solution here, let me link the document that talks about the proxy solution.
