JIT user provisioning error with SAML IDP

grumpymatt · March 30, 2020, 3:39pm

I’m having trouble with a SAML IDP setup in my okta dev account.
I can login fine with a user that exists in both okta and the IDP, but when I try to login with a new user from the IDP that is not in Okta, the JIT user provisioning always fails.

It shows errors in the dashboard saying “Create okta user failure”
and
user.lifecycle.create (id: unknown)

I’ve tried playing with the profile mappings, but nothing seems to work. I don’t know why it says the id is unknown, when it is able find and log the id from the SAML response.

dragos · March 31, 2020, 2:26am

Hi @grumpymatt

Can you please check that firstName, lastName and email are sent in the assertion from the identity provider and mapped correctly in order for the user to be created in Okta?

grumpymatt · March 31, 2020, 1:19pm

Yes, that worked. I had mapped email, but not firstName and LastName.

I feel the like the saml IDP docs should note the required fields somewhere. Maybe I missed that.

Thanks

system · January 23, 2024, 11:03pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.