OKTA SCIM Integaraion Reactivate User

sanketshetty14 · July 25, 2022, 12:19pm

We have created an Application in OKTA with SCIM Integration. We assign a user to the application and it gets created at our End.
Now we remove the user from the app and we get an Update call with active=false and the user is deactivated at our end.
Now if we reassign the same user to the application, OKTA still sends active=false. The expectation here is that on reassign it should send active=true and use should be reactivated. But it sends active=false only

erik · July 25, 2022, 5:16pm

Hello,
Is your SCIM integration using one of the Okta SCIM 2.0 templates or is it using either a SAML or SWA application.
If using a template the user active should be updated with a PATCH call.
I just tested:

Added user (POST)
Remove user (PATCH /scim/v2/Users/{id}) - active: false
Added user (GET /scim/v2/Users) userName eq "some.user@example.com" - this should return my user record with active: false
Then a (PATCH /scim/v2/Users/{id}) - active: true
Then a (GET /scim/v2/Users/{id})

if using a SAML/SWA app the calls would be.

Added user (POST)
Remove user (GET /scim/v2/Users/{id})
Then (PUT /scim/v2/Users/{id}) active: false
Add user back (GET /scim/v2/Users) userName eq "some.user@example.com" - this should return my user record with active: false
Then (GET /scim/v2/Users/{id}) - this should return my user record with active: false
Then (PUT /scim/v2/Users/{id}) active: true
Then (GET /scim/v2/Users/{id}) - this should return my user record with active: true

Both work for me fine. Is your SCIM server returning the record with active: false once the user is removed, or does it not return any record?

sanketshetty14 · July 26, 2022, 3:10am

We are using SWA with Oauth 2.0

Once user is removed , we return the same response that we received in request(active = false)

Below is happening in our case

Added user (POST)
Remove user (GET /scim/v2/Users/{id})
Then (PUT /scim/v2/Users/{id}) active: false
Add user back (GET /scim/v2/Users) userName eq "some.user@example.com" - this should return my user record with active: false
Then (GET /scim/v2/Users/{id}) - this should return my user record with active: false
Then (PUT /scim/v2/Users/{id}) active: true
Then (GET /scim/v2/Users/{id}) - this should return my user record with active: true
Then (PUT /scim/v2/Users/{id}) active: true

Post		Replies	Views
SCIM re-activate and re-assign sends active=false in SCIM event SCIM	3	3620	February 12, 2024
SCIM deprovisioning not sent to integration SCIM	9	3158	December 6, 2022
SCIM re-activate and re-assign sends wrong active field SCIM	9	3458	May 25, 2021
SCIM only "Deactivate Users" SCIM	3	2423	March 18, 2023
Reassign removed user to group not able to update flag Active to SCIM APP SCIM	5	2894	February 12, 2024

OKTA SCIM Integaraion Reactivate User

Related topics