I have a OIDC okta application created for enabling SSO in my .net core application. Now i wants to sync all users from existing okta client to my .net core application, so i registered the event hooks and i can get the event information at my .net core application when configured event triggers at okta. Also i find there is another way to do the same i.e. SCIM for which we needs to create individual application(SWA) and enable provisioning as per my understanding. Please address my questions below now.
- Difference between Event Hook and SCIM?
- What is the better option to sync my okta users in my .net core application?
- I wants to sync already existing users in okta to my .net core application, how can i achieve this?
Event Hooks are a way to do event-based processing of identity-related events. When something happens in Okta, you can consume an event with a listener (API) and ‘do something’. Think of it like a way to stream events from the System Log to your listener so you can do things. An example is this hook to help synchronise users. In your use case, when a user was added or updated in Okta you could get an event with the new user information and write it to your app’s database. The payload of the event is Okta-specific JSON. This is one of many things you could do.
SCIM is an industry standard XML protocol for managing users. If your app speaks SCIM, Okta can push changes to your app via your SCIM API. I think your app would have to be registered in the OIN for this to work. But there’s a test app you can deploy so this may get you going - see screenshot
If your requirement is that all existing Okta users must be synchronised to your app, I think SCIM is the only option. Once the app is setup, you assign users to it in Okta and they’ll be synchronised. This won’t be possible with event hooks as you’ll have missed all the old events for when those users were created.
Some other considerations:
- If this app is only for your organisation and you’d like an easier path, probably event hooks. SCIM is a trickier protocol (in my limited view).
- If the app is something you’re selling to multiple companies, SCIM will help you as many identity products talk SCIM, making it easier to sell to security/identity folks.
- If your organisation is big on standards, SCIM. Event hooks if standards aren’t a focus.
- If you may want to process other events which aren’t purely identity lifecycle related (e.g. authentication) then event hooks.
I forgot to respond to this one. SCIM as mentioned above will help you do that. Your other options are:
- Regularly export all users from Okta and import them into your app’s database. Exports can be done manually or you could write something via the API.
- Get other systems which register or update users or to also send you their information if you’ve got an API.
- You could do a once off import and export to get to a consistent state then consume event hooks or Okta workflows to keep your side up to date.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.