Auth0 User to Okta User and Group Provision

arazzo: 1.0.1
info:
  title: Auth0 User to Okta User and Group Provision
  summary: Create an Auth0 user, mirror into Okta, then add to an Okta group.
  description: >-
    A customer-to-workforce provisioning workflow that registers a user in Auth0,
    mirrors the identity into Okta as the workforce directory, and adds the new
    Okta user to a group to drive downstream application access. Chains the
    created Okta user id into the group membership call.
  version: 1.0.0
sourceDescriptions:
  - name: auth0Api
    url: https://raw.githubusercontent.com/api-evangelist/auth0/refs/heads/main/openapi/auth0-management-api-openapi.yml
    type: openapi
  - name: oktaApi
    url: https://raw.githubusercontent.com/api-evangelist/okta/refs/heads/main/openapi/okta-openapi-original.yml
    type: openapi
workflows:
  - workflowId: auth0-to-okta-group
    summary: Create an Auth0 user, mirror into Okta, and add to a group.
    description: >-
      Registers a user in Auth0, creates a matching Okta user, and adds the new
      Okta user to a group for group-based access.
    inputs:
      type: object
      properties:
        email:
          type: string
        password:
          type: string
        connection:
          type: string
        firstName:
          type: string
        lastName:
          type: string
        login:
          type: string
        oktaGroupId:
          type: string
    steps:
      - stepId: create-auth0-user
        description: Register the user in Auth0.
        operationId: $sourceDescriptions.auth0Api.post_users
        requestBody:
          contentType: application/json
          payload:
            email: $inputs.email
            password: $inputs.password
            connection: $inputs.connection
            email_verified: false
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          auth0UserId: $response.body#/user_id
      - stepId: create-okta-user
        description: Mirror the identity into Okta.
        operationId: $sourceDescriptions.oktaApi.createUser
        requestBody:
          contentType: application/json
          payload:
            profile:
              firstName: $inputs.firstName
              lastName: $inputs.lastName
              email: $inputs.email
              login: $inputs.login
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          oktaUserId: $response.body#/id
      - stepId: add-to-group
        description: Add the new Okta user to a group for access.
        operationId: $sourceDescriptions.oktaApi.addUserToGroup
        parameters:
          - name: groupId
            in: path
            value: $inputs.oktaGroupId
          - name: userId
            in: path
            value: $steps.create-okta-user.outputs.oktaUserId
        successCriteria:
          - condition: $statusCode == 204
        outputs:
          membershipStatus: $statusCode
    outputs:
      auth0UserId: $steps.create-auth0-user.outputs.auth0UserId
      oktaUserId: $steps.create-okta-user.outputs.oktaUserId
      membershipStatus: $steps.add-to-group.outputs.membershipStatus