Hi,
We have a bunch of users got from an external IDP (another Okta). All of them are visible in the application Assignments tab and active, but cannot log into the application.
Logs do not help much:
"User login to Okta
FAILURE : PASSWORD_BASED_LOGIN_DISALLOWED"
What type of application is this?
If its a Native type OpenID Connect app in Okta that you are trying to use Resource Owner Password Grant with, then what you are seeing is expected behavior. As this grant type requires that a user’s username and password be provided to the Okta Authorization Server to log the user in (sent directly to the /token endpoint), the user would have to be a local Okta user for their credentials to be validated. Since these users are coming instead from an external IdP, they do not have a password within Okta and are ineligible to use this flow.