OKTA Identity Cloud Integration with SSI agent
Abstract
This guide shows how to integrate existing centralized IDM solutions such as Oracle Identity Cloud Service, Okta Identity Management, SailPoint, or Saviynt with SSI solutions such as Hyperledger Aries, Spherity, or Trinsic to issue verifiable credentials (VCs) at the enterprise level according to business requirements.
Business Use case
Corporate employees will be able to receive VCs on the basis of the roles or groups assigned to them. Example: Google wants to issue VCs to employees of its finance department so that they can access sensitive data using VCs.
Say there are 1000 employees worldwide and all of them need VCs to access a particular system.
Using the Okta-SSI integration, we can automate the issuance of VCs to all of these employees in one shot, and users receive the VC URL on their phones via text message.
Components
Trusted System: Active Directory or Workday
Identity Manager: Okta Identity Manager
Connector: Custom connector
Target Application: SSI agent (Trinsic wallet in my case)
Architecture Explained
We assume that Okta Identity Cloud is reconciling users from Workday or Active Directory (the trusted system).
A custom connector is developed to integrate Okta with Trinsic or Hyperledger Aries.
Step-by-Step Guide
PART 1
Create a custom connector and configure it with the target application. In our case, the Trinsic SSI agent is the target application.
Open the Okta console, click on the Applications tab, and select Applications.
Search for the SCIM connector in the application catalog.
Configure the SCIM connector in Okta to automate CRUD operations. In our case we have only enabled the Create task: whenever we assign the SCIM connector to a user, the Create VC task is triggered automatically.
The SCIM server triggers the Create VC task, which creates and issues a credential to the associated user, and the user receives the VC URL on their phone.
The SCIM connector is ready to use.
PART 2
Create a new user.
Click on the Directory tab, select People, and click Add Person.
Select the user to whom you want to send VCs and assign the SCIM application to that user.
When we assign the SCIM connector to a user, it automatically triggers the Create VC task (the logic is defined in the SCIM connector).
The Create VC task then calls the Trinsic API (see the Trinsic Developers Guide), obtains the credential URL, and sends it to the user's phone via text message.
We used a third-party application (Twilio) to send the VC URLs via text message.
Advanced Scenarios
We can also define custom rules and policies as per our business requirements to issue VCs.
Example: issue VCs if the user is from the Finance department, or the user is a Manager or a Contractor.
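
The Create VC logic from PART 2, combined with the issuance rule above, as an added Python example (not the author's connector code). It assumes the Okta SCIM app is configured for bearer-token authentication; issue_credential and send_sms are hypothetical stand-ins for the Trinsic and Twilio calls, and the token, user and URL are constructed.

```python
import hmac

# Constructed values; the real token is the one configured on the Okta SCIM app.
SCIM_TOKEN = "constructed-example-token"
USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"

def scim_error(status, detail):
    return status, {"schemas": [ERROR], "status": str(status), "detail": detail}

def is_authorized(auth_header):
    # Constant-time comparison of the bearer token sent with each SCIM call.
    expected = ("Bearer " + SCIM_TOKEN).encode()
    return hmac.compare_digest((auth_header or "").encode(), expected)

def eligible_for_vc(user):
    # Rule from "Advanced Scenarios": Finance department, Manager or Contractor.
    department = user.get(ENTERPRISE, {}).get("department")
    return department == "Finance" or user.get("userType") in ("Manager", "Contractor")

def mobile_number(user):
    for phone in user.get("phoneNumbers", []):
        if phone.get("type") == "mobile" and phone.get("value"):
            return phone["value"]
    return None

def handle_create_user(auth_header, body, issue_credential, send_sms):
    # SCIM POST /Users. issue_credential and send_sms are hypothetical callables
    # wrapping the SSI agent API and the SMS gateway; they are injected so no
    # vendor call is assumed here.
    if not is_authorized(auth_header):
        return scim_error(401, "invalid bearer token")
    if USER not in body.get("schemas", []) or not body.get("userName"):
        return scim_error(400, "not a SCIM User resource")
    phone = mobile_number(body)
    if eligible_for_vc(body) and phone:  # no VC is issued without a mobile number
        url = issue_credential({"userName": body["userName"]})
        send_sms(phone, "Your credential offer: " + url)
    return 201, {"schemas": [USER], "id": body["userName"], "userName": body["userName"]}

if __name__ == "__main__":
    sample = {"schemas": [USER, ENTERPRISE], "userName": "alice@example.com",
              "phoneNumbers": [{"type": "mobile", "value": "+15550100"}],
              ENTERPRISE: {"department": "Finance"}}  # constructed sample user
    print(handle_create_user("Bearer " + SCIM_TOKEN, sample,
                             lambda claims: "https://issuer.example/offer/1",
                             lambda to, text: print("SMS to", to, ":", text)))
```

Users who fail the rule are still provisioned (201) but receive no credential, and requests without the expected token are rejected before any issuance call is made.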
Contact: Sethi.shivam27@gmail.com