I am having a problem with the CRUD deactivation test. This test step (URL {{oktaOrgUrl}}/api/v1/users/{{okta_add_userid}}/lifecycle/deactivate) correctly sets the user to deactivated state but there does not seem to be anything generated to the SCIM server. I was hoping for a PUT or PATCH but don’t see a DELETE method issued either. The next method to the SCIM server is a GET by Id which, of course, returns an active=true. If I stop the test steps at this point I can see that the user is deactivated and also no longer associated with the SCIM app. I have deactivate user enabled in the app integration. Is there something else that can suppress the call to the SCIM server?
Found that the Okta log is showing a Forbidden return yet my server has no indication of it. Looks like maybe I have an AWS problem that I need to debug.
It does sound like the scim side is rejecting the request, so I agree that may need debugging. That said, Okta doesn’t send delete requests on SCIM (more here as well), we update the user to active=false.
You can also use Scim Playground for testing to see how the requests from Okta look if you want better visibility into what’s being sent from Okta during these requests as well.