Enable SCIM provisioning after assigning users to the application

Questions SCIM
1

When I was testing SCIM integration, I observed some issue

  1. I created a SAML application in Okta
  2. Assigned few users to that app and logged in using that SAML app. Everything worked fine.
  3. I enabled SCIM provisioning for that app. As of now, we support only deactivation functionality. So, I enabled only the Deactivation option in “To App” settings
  4. When I tried to deactivate an existing user already assigned to the app, it didn’t trigger a SCIM call to external app to deactivate that user
  5. If I assign a new user to the app and then deactivate, Okta triggers the SCIM API call to external app

Question is will Okta run an initial synchronization cycle after SCIM is enabled in an existing app with some assigned users?

2

Only the new users you assign to the app after provisioning is enabled can be de-provisioned. User deactivation will only work if they user was provisioned via Okta, so its working as expected.

3

Thanks @andrea
I think my question was a bit confusing.

  1. Let’s say a SAML App was created in Okta and multiple users logged in to that app
  2. Since the users already logged in to the app, a temporary profile got created in the app
  3. 1 year later, let’s assume SCIM was enabled in this SAML app

Will Okta run an initial cycle to query all the existing app users in the target system to get the user ID? If not, how can those users be managed by Okta?