SAML + deprovisionning only

Hi there!

We are a SaaS provider. Some of our customers who use Okta (as IdP) would like to connect to our service using SSO. As a solution, I created an Okta SAML application that I aim to publish on your catalog.

This application works great but before submitting the app for review I would like to support deprovisioning. After reading many pages on your docs, it seems that we need to run/implement an SCIM 2 server. However, there are many aspects that are not really discussed/covered:

  1. Do we need to have a working endpoint for listing users even if the aim is to support deprovisionning only. What are the bare minimum operations to implement if we want to support deprovisionning only?

  2. Can we select what operations to allow when publishing the SCIM app to your catalog? again, the purpose would be to allow deprovisionning only through SCIM.

  3. Is there any basic server implementation example available for Java and SpringBoot?

Regards,
Laurent

Hi @lpellegr!

  1. I confirmed with our OIN Apps team - you would still need a working endpoint for listing users.
  2. Yes, you can disable which operations you don’t want - this you will have to coordinate with our Apps team.
  3. At the moment, looks like we don’t have a basic server implementation example for Java and SpringBoot; this is what we do have https://developer.okta.com/docs/guides/build-provisioning-integration/prepare-api/#example-implementations.

If you have specific questions or need additional support in publishing your app integration, you can reach out to our Okta OIN team directly at oin@okta.com.