TobiasR.78159 (Customer) asked a question.
Hello everyone,
I'm working on a way to import and update users from our HR tool into Okta. There is no OIN app and the tool doesn't support SCIM yet, so I want to use their public API to pull user data.
So far I'm able to auth against the API and also pull the data in json format, but I'm unsure on how to proceed further.
My first idea was to save everything into a flow table "TempDB" and have a 2nd table "UpdateDB" that contains the current Okta users with their profile information (firstname, lastname, email, etc). Now every time "TempDB" get's updated I would also call a flow that compares users in "TempDB" against users "UpdateDB" and updates/creates them in "UpdateDB". Then I would search in "UpdateDB" for updated rows and use the "Okta - Update User" or "Okta - create User" card.
On the second thought couldn't I just take the API call response, put in into an Object (Get-Multiple) and than use for-each with a helper flow to create or update the user? My concern is that "Okta - Update User" function will run over every user, every time, even when there is nothing to update and therefore hit some Okta API limits.
Sorry, if it's a stupid question, I'm new to Okta workflow and only build some pretty basic reports so far.
Hi @TobiasR.78159 (Customer) ,
A new feature called Anything as a Source will allow you to call your API and create imports to Okta.
We're working on building some Workflow Templates that demonstrate how to perform some of the necessary steps in Workflows (transforming the user profile data, etc).
That's probably the direction I'd explore for this use-case.
Hi @bryan.barrows1.5613819579051719E12 (Okta, Inc.) , thank you. That is what I’m looking for. I know it’s in LEA, but can the support enable it for preview and prod instances?
Good Morning @bryan.barrows1.5613819579051719E12 (Okta, Inc.) ,
I was told that this feature is currently only available for sandbox / preview instances. So I can't roll it out in prod, when it was tested by us.
So I might have to create the workflow for user imports and updates. Would you recommend one of the options I described or something else?
Ah, yes, I believe Anything as a Source is currently in Limited Early Access. I wasn't aware that you could not deploy in production, though. I'd check again with your CSM to confirm that.
Anyways, I think your point about hitting rate limits because you'll iterate over every user is valid.
It would be ideal if you could either configure a webhook in the HR service to POST to a flow when a user's profile is updated, created, etc. Alternatively, if there is any way to use a query on your call to their API to limit the user-base, that would be helpful.
This unfortunately falls into the red-zone of unsupported Workflows use-cases as well.
https://help.okta.com/wf/en-us/Content/Topics/Workflows/workflows-system-limits.htm