This article explains how to configure automated user provisioning between Okta and Oracle using the Oracle Human Capital Management (HCM) app from the Okta Integration Network (OIN) via the System for Cross-domain Identity Management (SCIM) REST API. This integration allows for automated user creation, profile updates, and deactivation.

• User Lifecycle Management
• Oracle HCM Cloud
• System for Cross-domain Identity Management (SCIM) 2.0
• Okta Identity Engine (OIE)

The integration requires specific endpoint configurations and administrative roles within Oracle HCM to allow Okta to communicate with the /hcmRestApi/scim/ resources. A common point of failure is entering an incorrect Server URL format (for example, including the API path or protocol prefixes) that does not match Okta’s required validation pattern, or creating a Testing SCIM app, which does not follow the URN schema format expected by Oracle Cloud.

1. Add the OIN Application.

1. Navigate to Applications > Applications in the Okta Admin Console.
2. Click Browse App Catalog, search for Oracle Human Capital Management, and click Add Integration.

2. Configure API Integration.

1. Go to the Provisioning tab and click Configure API Integration.
2. Check Enable API integration.
3. Server URL: Enter the Oracle tenant domain without https:// and without /hcmRestApi.
   • Correct Format: myoracletenant.oraclecloud.com.
4. Enter the Admin Username and Password for an Oracle user with the IT Security Manager role.
5. Click Test API Credentials and then Save.

3. Enable Provisioning Features.

1. In the Provisioning tab, select To App from the left sidebar.
2. Click Edit and enable Create Users, Update User Attributes, and Deactivate Users.
3. Click Save.

4. Finalize Assignments.

1. Assign users or groups to the application via the Assignments tab to trigger the initial SCIM push to Oracle HCM.