Social IdP's with Provisioning Callout Skip to main content
https://support.okta.com/help/answers?id=9060z000000faygqak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Ozgur OzguvenOzgur Ozguven 

Social IdP's with Provisioning Callout

Hello everyone, 

We have been able to use Microsoft and Google as social Identity Providers but we now want to provision user accounts ourselves instead of automatic provisioning by the IDP. So, we have changed the "Provisioning Policy" to be "Callout" and after success authentication at Google/MS, Okta redirects the user to a custom page we maintain where we provision the user in Okta. But after this point ,how can we continue the original OpenID flow? We can't figure this out. Maybe there isn't a way.

As a workaround we are redirecting the user to the original Authorize URL for the second time but this results in a not great user experience for first time logins. Is there a better way to continue the original OpenID flow? 

Thanks
Oz

 
Best Answer chosen by Dylann Fezeu (Customer First Programs)
Matt MaherMatt Maher (Okta, Inc.)
Hi Ozgur, this sounds like a custom set up that could require Okta Professional Services or a ticket with support. Can you open a support ticket with us to gather more details specific to your environment?