As far as I read, Okta supported OpenID Connect, so it should be possible to integrate it with Keycloak, which Alfresco has used as the basis for the Alfresco Identity Service. Unfortunately, at this point, there is no official documentation / guidance (that I am aware of) on how Alfresco Identity Service could be integrated with other infrastructure services, such as Okta.
I could not find clear information on whether Okta itself exposes LDAP-based directory access to client applications, which would be needed to synchronise user / group information. This would be needed to fill the local database(s) of Alfresco and/or Alfresco Identity Service (currently "and", but in the future, Alfresco might be able to synchronize / access user/group information from Alfresco Identity Service without having to store them in the local database).
So, the steps seem to be:
- Do proper research
- Integrate the existing capabilities (OIDC)
- Develop custom components for Alfresco / Alfresco Identity Service to sync user/group details if there really is no LDAP access to Okta itself (and you can't just access a local directory from which Okta is getting its information)