In the last few months, I ran into several Oracle SaaS and PaaS customers that use both Okta and Identity Cloud Service for various use cases. While working with those customers, I figured that we did not have automated user/group provisioning supported by Okta.
As I worked on the integration myself, I figured that there is some incompatibility between Okta's and IDCS's SCIM implementations for Group membership management. I came up with a solution to put a proxy between Okta and IDCS to fix the group membership updates and address that issue. For the rest of the API calls, the solution would still act as a proxy pass. It is an entirely stateless proxy, so when the issue is resolved, you can remove the proxy and configure Okta to start provisioning to the IDCS endpoint. A couple of proposed proxy implementation diagrams are below.
The Identity Cloud Service application is already available in the Okta Integration Network. The application takes care of Single Sign-On as well. You still have to add Okta as an Identity Provider in IDCS. For more details on Single Sign-On configuration, you can refer to one of my previous blogs. Instead of describing the whole solution here, let me link the document that talks about the proxy solution.