We have been able to use Microsoft and Google as social Identity Providers but we now want to provision user accounts ourselves instead of automatic provisioning by the IDP. So, we have changed the "Provisioning Policy" to be "Callout" and after success authentication at Google/MS, Okta redirects the user to a custom page we maintain where we provision the user in Okta. But after this point ,how can we continue the original OpenID flow? We can't figure this out. Maybe there isn't a way.
As a workaround we are redirecting the user to the original Authorize URL for the second time but this results in a not great user experience for first time logins. Is there a better way to continue the original OpenID flow?
Best Answer chosen by Dylann Fezeu (Customer First Programs)
Matt Maher(Okta, Inc.)
Hi Ozgur, this sounds like a custom set up that could require Okta Professional Services or a ticket with support. Can you open a support ticket with us to gather more details specific to your environment?