I have configured an OIDC application which I’m using to allow SSO to my web-based application. The next stage is to add user provisioning to allow users in Okta to be synced to my application.
I’m finding the general guidance around provisioning confusing. My simple question is: how can I configure provisioning when using an OIDC application?
At the moment, we do not support provisioning for OIDC applications. The best solution would be to create either a SCIM template application if you have a developer account under oktapreview.com or an AIW application with SCIM provisioning capabilities. For the second option, you would need the SCIM_PROVISIONING feature enabled on your Okta tenant.
To get the feature, simply send an email to support@okta.com and ask to have it enabled.
After accessing the administrative panel, hover over Developer Console in the top-right corner and select Classic UI. From here, navigate to Applications >> Add Application and search for SCIM. You should be able to see the SCIM templates appear as suggestions.
The application fields need to be configured with the SCIM server settings that you currently have. If you would like to see how to create the SCIM connector for your application, check out the article available here.
If you would like an example of a SCIM connector, check out this example in PHP.
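
As an added illustration (not part of the original answer, and not Okta's or the linked PHP project's code), this sketch shows the user-creation logic a SCIM connector has to implement on the application side. It assumes SCIM 2.0 (RFC 7643/7644) with a static bearer token; `create_user`, `authorized`, `USERS` and `API_TOKEN` are hypothetical names.

```python
import hmac
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

# Constructed sample secret (assumption); load the real one from a secret store.
API_TOKEN = "example-token-not-a-real-secret"

USERS = {}  # id -> SCIM user resource; in-memory stand-in for the app's user table


def scim_error(status, detail, scim_type=None):
    """Build a SCIM error response (RFC 7644 section 3.12)."""
    body = {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}
    if scim_type:
        body["scimType"] = scim_type
    return status, body


def authorized(headers):
    """Constant-time check of the Authorization: Bearer header."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token.encode(), API_TOKEN.encode())


def create_user(headers, payload):
    """Handle POST /Users and return (http_status, response_body)."""
    # Reject unauthenticated calls before touching the payload.
    if not authorized(headers):
        return scim_error(401, "Missing or invalid bearer token")
    if USER_SCHEMA not in payload.get("schemas", []):
        return scim_error(400, "Unsupported schema", "invalidSyntax")
    user_name = payload.get("userName")
    if not isinstance(user_name, str) or not user_name.strip():
        return scim_error(400, "userName is required", "invalidValue")
    # userName is case-insensitive and unique per server (RFC 7643 section 4.1.1).
    if any(u["userName"].lower() == user_name.lower() for u in USERS.values()):
        return scim_error(409, "userName already exists", "uniqueness")
    user_id = str(uuid.uuid4())
    USERS[user_id] = {
        "schemas": [USER_SCHEMA],
        "id": user_id,
        "userName": user_name,
        "active": bool(payload.get("active", True)),
        "meta": {"resourceType": "User", "location": f"/Users/{user_id}"},
    }
    return 201, USERS[user_id]
```

The provisioning endpoint can create accounts in the application, so it should be served over TLS and the token rotated like any other credential.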