<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta On-Premise Provisioning (OPP) Agent Registration Using OAuth 2.0
Sep 9, 2025
Lifecycle Management
Okta Classic Engine
Okta Identity Engine
Overview

This article specifies the Okta On-Premise Provisioning (OPP) Agent supports registration through OAuth 2.0.

Applies To
  • User Lifecycle Management
  • On-Premise Provisioning (OPP) Agent
  • On-Premise SCIM
Cause

The OPP Agents v2.3.1 and earlier did not support registration through OAuth 2.0 and registration require an Okta admin to sign on. For this, it is recommended the API authorization use a service account separate from a regular admin account as best practice.

Solution

As of OPP Agent v3.0.2, new agents are registered through OAuth 2.0 device registration flow. The agent will use OAuth 2.0 and OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) to securely communicate with Okta.

For the Okta Active Directory Agent, refer to Okta AD Agent Registration Using OAuth 2.0

Related References

 

Recommended content

Still looking for help?
Loading
Okta On-Premise Provisioning (OPP) Agent Registration Using OAuth 2.0