1fj3q (1fj3q) asked a question.
Workflows: Update ExternalID attribute on App user profile through OKTA workflows
We are trying to leverage OKTA Workflows for user provisioning to SaaS apps instead of Custom SCIM connectors. One Challenge we are experiencing is how to populate the ExternalID app user profile attribute with UID of SaaS user after Create Operation. The SaaS app is returning the UID but we don't find any operation in Workflows to assign SaaS UID to ExternalID attribute on app user profile in Okta.
Can such scenarios be handled with Workflows?
If the provisioning is not done via and Okta provisioning flow but rather trough an API call all you would need would be an event to trigger the user creation on the application side and or an event to delete that user from the application. To this extent I don't think that an externalID would be necessary if it's not mandatory to introduce it into the API call for the SaaS application. So in theory, yes this would be a possible flow.
Also as this is a custom flow I would suggest getting in touch with our Professional services team. You can do this by contacting your CSM or also you can open a ticket with Okta support to facilitate this.
Kind regards,
Istvan Szep
Technical Support Engineer
Okta Global Customer Care
Thanks for the response!
How will we perform update as we need to validate if the user exists in the target app first. Even for Create operation, you will need to validate if a matching user exists on target app based on the attribute defined in (application username format) in scenarios where an app is converted from SSO to provisioning. The externalId attribute also helps in matching the user on target app where the "application username format" defined for the application changes like email, username in the Okta. I have already contacted our CSM on this.