Oracle HCM is Oracle’s HR SaaS solution, and we are now starting to field questions on how to integrate it with Okta.

In this article, I will share with you how to solve the 2 most common integration use cases:

• Single Sign-On from Okta to Oracle HCM
• Synchronize Oracle HR data to Okta

How to SSO into Oracle HCM

Oracle HCM, as with all Oracle cloud applications, uses Oracle Identity Cloud Service (IDCS) for authentication. We will not discuss IDCS licensing in this blog post since we are only focused on the integration steps.

Connecting Okta to IDCS for SSO is relatively straightforward. IDCS supports using an external identity provider for authentication, and this should not require any type of third-party software such as SPGateway.

Considering that our consultants work on Okta and IDCS regularly, we can speed up this setup process while also reducing the risk of misconfiguration because, while your team might be familiar with one of these systems, they won’t know the other one as well.

Setting up Oracle HCM as a Master

Configuring Oracle HCM as a Master to Okta is unfortunately not as simple. Currently, there is no default integration or connector for Okta and Oracle HCM data.

However, ICSynergy has created a toolkit called ICBatch that makes this integration possible.

ICBatch is a Java executable. You can run it on a system in your local data center or on a a cloud infrastructure system. Its purpose is to speed up collecting data from a primary data source such as a database or web service (like Oracle HCM) and synchronize the data to Okta (or IDCS).

It takes care of the provisioning basics of identifying new users, which users need to have data updated, and who needs to be deactivated on termination. It can also update profile data and add members to groups, and since it runs in batch mode, you can also employ a scheduling tool (like cron) to run the sync process every minute, for example. Or, you could connect it to a messaging bus to listen for updates. Because it’s a toolkit, it is simple for us to customize it to your data requirements.

Twenty-two years ago, I got started with identity management by synchronizing a Univeristy of North Texas home-grown HR system with our LDAP server.

Back then, I FTP’d a CSV file full of employee and student data to our Solaris box were a Perl script massaged and fed the data to our LDAP server.

Single Sign-On was accomplished by configuring applications to use our LDAP server so you only had to remember one username and password. This eventually led to the development of the Oracle Virtual Directory.

My friend Clayton Donley wrote the first version on a Fourth of July weekend. I spent that weekend seeing how many times I could drink all of the margaritas from the margarita machine we "borrowed" from my chef friend’s restaurant.

OVD was an important player in simplifying the deployment of the Oracle Access Manager, but now we’re moving into the SaaS world where it’s much faster and easier to deploy your enterprise applications.

While the industry has developed true SSO technologies, we still face challenges in keeping data in sync.

If you want to learn how ICBatch and ICSynergy can help your organization rapidly connect Okta with Oracle HCM, contact us today.