JIT user provisioning error with SAML IDP

grumpymatt · March 30, 2020, 3:39pm

I’m having trouble with a SAML IDP setup in my okta dev account.
I can login fine with a user that exists in both okta and the IDP, but when I try to login with a new user from the IDP that is not in Okta, the JIT user provisioning always fails.

It shows errors in the dashboard saying “Create okta user failure”
and
user.lifecycle.create (id: unknown)

I’ve tried playing with the profile mappings, but nothing seems to work. I don’t know why it says the id is unknown, when it is able find and log the id from the SAML response.

dragos · March 31, 2020, 2:26am

Hi @grumpymatt

Can you please check that firstName, lastName and email are sent in the assertion from the identity provider and mapped correctly in order for the user to be created in Okta?

grumpymatt · March 31, 2020, 1:19pm

Yes, that worked. I had mapped email, but not firstName and LastName.

I feel the like the saml IDP docs should note the required fields somewhere. Maybe I missed that.

Thanks

Post		Replies	Views
Okta SAML JIT & matching against unique identifier SAML saml	2	3395	August 11, 2021
JIT missing fields/ mapping error for firstName, lastName OAuth/OIDC idp	4	1288	July 27, 2024
Error: "Unable to JIT the user" Questions	2	6162	February 8, 2024
SAML assertion UserID SAML	5	6516	January 23, 2024
Unable to find SSO/SAML user by email using Okta SDK on login API spring , java	2	133	August 10, 2024

JIT user provisioning error with SAML IDP

Related topics