I am developing an integration between our Cloud Service and Okta's IdP. This will become an official OAN app that end-users can install themselves via the Okta interface. During the development phase of the project, we are using an Okta Developer Preview account. Our app accepts provisioning traffic via SCIM REST APIs that it exposes. Okta tells us that they don't support sending SCIM directly from their production application to integration-partner SCIM servers, and tells us that the way to connect the SCIM traffic to our application is to use their downloadable On-Premises Provisioning Java connector. We have installed the connector on a CentOS machine and connected it to our preview account, which is working properly and sending us SCIM messages as expected.
So, here's the problem: When setting up the On-Premises Provisioning Connector, we had to associate the connector with our specific Okta Preview account via a configuration file, and by accepting and associating it via the Okta Admin UI. We plan to put our application into the Okta Application Network, where each end-user will be provided a unique key that will be parameterized in the Application Configuration and used as a component of the SCIM Base URL for each installation of our Okta OAN App. But we only have one On-Premises Provisioning Connector, and it seems we have to point it at a specific Okta account, and it would be completely impractical to set up a separate On-Premises Provisioning Connector daemon for each of our many customer accounts. How are we supposed to get SCIM traffic from each customer's OAN Apps and respective Okta accounts?
It would be way easier if Okta could just send us SCIM directly. Or, I wonder if we could write our own "On-Premises Provisioning Connector" somehow, but I don't know what protocol it speaks at the other end. Thanks!