Project 4: Oracle Federation Admin user migration

The user migration needs to be done while keeping Oracle IAM and IDCS integrated for federated users.

Admin sets up federation trust:

Reference : https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/federation.htm

The restricted policies would be:

Allow group IdPAdmins to manage identity-providers in tenancy

Allow group IdPAdmins to manage groups in tenancy

OKTA Federation with OCI : https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/okta-federation-with-oci.pdf

Federated user:

Organizations commonly use identity providers (IdPs) to manage user logins and passwords. This authentication mechanism lets an organization grant user access through an SSO mechanism.

OCI also allows an IdP to be integrated with Oracle IAM.
Here we intend to integrate our Oracle IAM users with the OKTA IdP.

An OCI admin is expected to federate the OCI users with the provided IdP, so that each employee signs in through the company's SSO.

To federate, the admin goes through a short process of building a relationship between OCI and the IdP, which is also called a federation trust.

As part of building this trust, we need to create a group in the IdP that corresponds to the group in OCI and then create the mapping between them.
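The following script is an added example, not part of this note or of Oracle's documentation. It ties together the two restricted policy statements listed earlier and the federation-trust steps just described: it emits the IdPAdmins policy as the JSON array the OCI CLI expects, registers the IdP as a SAML2 identity provider, and maps an IdP group to its OCI group before listing the mappings to verify the result. Every OCID, name, file path and URL is a placeholder; the IdP name "okta", the group pair "OCI-Administrators" / "Administrators", and the use of `--product-type ADFS` for a generic SAML 2.0 IdP are assumptions. With DRY_RUN left at its default of 1 the commands are printed instead of run, so the script can be reviewed without a tenancy.

```shell
#!/usr/bin/env bash
# Added example (not from the note): policy + OCI CLI steps for an OKTA federation trust.
# All OCIDs, names, paths and URLs are placeholders to replace before use.
set -eu

# Restricted policy from the note: the IdPAdmins group may manage identity providers
# and groups in the tenancy, nothing else. Emitted as the JSON array that
# `oci iam policy create --statements` expects.
idp_admin_policy_statements() {
  group="$1"
  printf '["Allow group %s to manage identity-providers in tenancy","Allow group %s to manage groups in tenancy"]' \
    "$group" "$group"
}

# Guard for the mapping step: both the IdP group and the OCI group must be named.
# An empty side would map nothing (or the wrong group). Returns 1 on a bad pair.
check_group_pair() {
  idp_group="$1"
  oci_group="$2"
  [ -n "$idp_group" ] && [ -n "$oci_group" ] || return 1
  printf '%s -> %s\n' "$idp_group" "$oci_group"
}

# Run a command, or only print it while DRY_RUN=1 (the default).
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

TENANCY_OCID="${TENANCY_OCID:-ocid1.tenancy.oc1..PLACEHOLDER}"
# SAML metadata XML downloaded from the OKTA application (placeholder path).
OKTA_METADATA_FILE="${OKTA_METADATA_FILE:-./okta-metadata.xml}"
OKTA_METADATA="$(cat "$OKTA_METADATA_FILE" 2>/dev/null || printf '<!-- metadata placeholder -->')"

# 1. Least-privilege policy for the federation administrators.
create_idp_admin_policy() {
  run oci iam policy create \
    --compartment-id "$TENANCY_OCID" \
    --name "idp-admins-policy" \
    --description "Federation admins: identity providers and groups only" \
    --statements "$(idp_admin_policy_statements IdPAdmins)"
}

# 2. Federation trust: register OKTA as a SAML2 identity provider.
#    Assumption: a non-IDCS SAML 2.0 IdP is registered with --product-type ADFS.
create_okta_identity_provider() {
  run oci iam identity-provider create \
    --compartment-id "$TENANCY_OCID" \
    --name "okta" \
    --description "OKTA SSO for employees" \
    --protocol SAML2 \
    --product-type ADFS \
    --metadata-url "https://PLACEHOLDER.okta.com/app/PLACEHOLDER/sso/saml/metadata" \
    --metadata "$OKTA_METADATA"
}

# 3. Map the IdP group to its OCI counterpart, then list the mappings to verify.
map_idp_group() {
  idp_ocid="$1"
  idp_group="$2"
  oci_group_ocid="$3"
  run oci iam idp-group-mapping create \
    --identity-provider-id "$idp_ocid" \
    --idp-group-name "$idp_group" \
    --group-id "$oci_group_ocid"
  run oci iam idp-group-mapping list --identity-provider-id "$idp_ocid"
}

main() {
  create_idp_admin_policy
  create_okta_identity_provider
  check_group_pair "OCI-Administrators" "Administrators" >/dev/null
  map_idp_group "ocid1.saml2idp.oc1..PLACEHOLDER" "OCI-Administrators" "ocid1.group.oc1..PLACEHOLDER"
}
main "$@"
```

Run it once with DRY_RUN=1 to review the exact commands, then with DRY_RUN=0 against the tenancy; the final `idp-group-mapping list` call is the check that the OKTA group really landed on the intended OCI group.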

Manage IDCS user and group in OCI : https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/addingidcsusersandgroups.htm

Understanding Admin roles in IDCS : https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/understand-administrator-roles.html#GUID-9B488723-43A1-47B1-ACB0-41FFD780FD5D

Add and remove user from Admin group : https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/add-or-remove-user-account-administrator-role.html#GUID-2ACB1B68-0388-4F76-BEB2-E95F916F517C