Users sync from one OKTA account to another OKTA account

We have an OKTA account managed by IT. We are building an application which uses OKTA as identity management. We want to keep the applications build by SDEs from IT operations. So we are thinking of keeping 2 OKTA account one for IT and Applications. In the second account we don’t need any IT operations. What will be best possible and simplest way to integrate the users from IT OKTA account to Application OKTA account ?

We looked at the OKTA Org2Org configuration, it seems bit complex in the sense - spoke and hub both have IT administration and shared application from hub to spoke. We don’t need such configurations. There is very minimal IT administration in Application OKTA account. We don’t need any applications from Hub shared to users in the Spoke.

Hi there! Not sure on your environment or desired outcomes, but (and this is OIDC) it might be worth looking into the Generic OIDC IdP option. This would allow you to authenticate IT users to the Application Org via their own Org, similar to the way a social ( google, facebook, etc.) login works.

2 Likes