OKTA Identity Cloud Integration with SSI agent

Sethi Saab
4 min read · Nov 22, 2021


Abstract

This post shows how to integrate existing centralized IDM solutions such as Oracle Identity Cloud Service, Okta Identity Management, SailPoint or Saviynt with SSI solutions such as Hyperledger Aries, Spherity or Trinsic, in order to issue Verifiable Credentials (VCs) at enterprise scale according to business requirements.

Business Use case

Corporate employees receive VCs on the basis of the roles or groups assigned to them. Example: Google wants to issue VCs to the employees of its finance department so that they can access sensitive data using those VCs.
Say there are 1000 employees worldwide and all of them need VCs to access a particular system.

Using the Okta-SSI integration we can automate the issuance of VCs to employees in bulk, in one shot, and each user receives the VC URL on their phone via text message.

Components

Trusted System: Active Directory or Workday

Identity Manager: Okta Identity Manager

Connector: Custom connector

Target Application: SSI agent (Trinsic wallet in my case)

Architecture Explained

We assume that Okta Identity Cloud is reconciling users from Workday or Active Directory (the trusted system).

A custom connector is developed to integrate Okta with Trinsic or Hyperledger Aries.

STEP BY STEP Guide

PART 1

Create a custom connector and configure it with the target application. In our case, the Trinsic SSI agent is the target application.

Open the Okta console, click on the Applications tab and select Applications.

Search for the SCIM connector in the application catalog.

Configure the SCIM connector in Okta to automate CRUD operations; in our case we have only enabled the Create task. Whenever we assign the SCIM connector to a user, the Create VC task is triggered automatically.

Configure API Integration under the Provisioning tab.

The SCIM server triggers the Create VC task, which creates and issues the credential to the associated user, and the user receives the VC URL on their phone.

The SCIM connector is ready to use.

PART 2

Create a new user: click on the Directory tab, select People and click on Add Person.

Select the user to whom you want to send VCs and assign the SCIM application to that user.

When we assign the SCIM connector to a user, it automatically triggers the Create VC task (the logic is defined in the SCIM connector).

NOTE: I have hardcoded a few parameters (developed for demonstration purposes only)

The Create VC task then calls this API (Trinsic Developers Guide), and we get the credential URL and send it to the user's phone via text message.

NOTE: A few of the values are hardcoded (for demonstration purposes only).

We have used a third-party application (Twilio) to send the VC URLs via text message.

Tap the URL to save the VCs in your wallet.

Advanced Scenarios

We can also define custom rules and policies, according to our business requirements, that decide when to issue VCs.

Example: issue VCs only if the user is from the Finance department, or the user is a Manager or a Contractor.
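To make the Create task of Part 1 and the issuance policy above concrete, here is an added example of the SCIM-side handler such a connector would run when Okta sends `POST /Users` for an assigned user. It is not the post's code: the issuer call (`issue_credential`) and the SMS sender (`send_sms`) are hypothetical callables injected by the caller, so the handler itself holds no API keys, and the Finance/Manager/Contractor rule is taken from the Advanced Scenarios section.

```python
import uuid
from typing import Any, Callable, Dict, Tuple

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"

# Issuance policy taken from the post's "Advanced Scenarios" section.
ISSUE_DEPARTMENTS = {"Finance"}
ISSUE_USER_TYPES = {"Manager", "Contractor"}

def should_issue(user: Dict[str, Any]) -> bool:
    """Policy check: Finance department, or a Manager/Contractor userType."""
    department = user.get(SCIM_ENTERPRISE, {}).get("department")
    return department in ISSUE_DEPARTMENTS or user.get("userType") in ISSUE_USER_TYPES

def primary_phone(user: Dict[str, Any]) -> str:
    """Primary phoneNumbers entry, else the first one, else '' (no delivery channel)."""
    phones = user.get("phoneNumbers", [])
    for entry in phones:
        if entry.get("primary"):
            return entry.get("value", "")
    return phones[0].get("value", "") if phones else ""

def scim_error(detail: str) -> Tuple[int, Dict[str, Any]]:
    return 400, {"schemas": [SCIM_ERROR], "status": "400", "detail": detail}

def handle_scim_create(payload: Dict[str, Any],
                       issue_credential: Callable[[str], str],
                       send_sms: Callable[[str, str], None]) -> Tuple[int, Dict[str, Any]]:
    """Handle Okta's SCIM 'POST /Users' (the Create task); returns (status, body).
    issue_credential(user_name) -> offer URL (hypothetical issuer client, e.g. Trinsic)
    send_sms(phone, text) -> None (hypothetical Twilio wrapper); both read keys from config.
    """
    if SCIM_USER not in payload.get("schemas", []) or not payload.get("userName"):
        return scim_error("userName and the core User schema are required")
    # Okta expects a stable resource id back; a fresh UUID stands in for a real user store.
    response = {"schemas": [SCIM_USER], "id": str(uuid.uuid4()),
                "userName": payload["userName"], "active": payload.get("active", True)}
    if not should_issue(payload):
        return 201, response  # provisioned in the agent, but no VC for this user
    phone = primary_phone(payload)
    if not phone:
        return scim_error("a phone number is required to deliver the credential URL")
    send_sms(phone, f"Your credential offer: {issue_credential(payload['userName'])}")
    return 201, response
```

Deactivation and group changes (the Update and Delete tasks the post leaves disabled) would be handled the same way, with a revocation call in place of issuance.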

============== END =======================

contact : Sethi.shivam27@gmail.com
