Hi, I have a SAML sign-in method for my application. And have event hooks used for user assignment, update, deactivation, etc.
But instead of Event hooks can we use OIDC/OAuth to capture user profiles or do any such operation like user assignment, update with the same SAML Application?
Or any alternatives to work on with user updates, user assignment, deactivation in SAML other than Event Hooks?
Maybe you’d be more interested in implementing SCIM? With SCIM, your designated SCIM server would receive requests from Okta anytime a user’s assignment to the application has changed (newly assigned to application, user updated, user deactivated, etc)
I am starting to implement SCIM Header Auth. So in the Provisioning tab where we need to give base url and API token how can we pass the headers? Is there a way to pass a header? And how will the API token be verified for the base url?
Are you looking to add custom headers for auth to your SCIM server? If you have the SCIM integration set to use Header auth, you should see that the value you pass as the “API Token” is sent to your SCIM server as the value for the “Authorization” header. Is that what you see?
All the verification of the authentication for your server will need to be completed at your end and you wouldn’t be using an Okta issued API token for this, but some other type of bearer token you are able to validate yourself (for example, using OAuth ,you could get Access Tokens issued to a custom authorization server in Okta and your SCIM server would then validate these tokens were issued to the expected client in your Okta org)