I have a typical migrate-to-Okta scenario here: Okta should server the SSO solution for an already existing user base. To achieve this there is a Okta tenant with an App for authentication and the Okta Signin Widget in my application. My application also serves an endpoint compatible to Passqord Import Inline hook which is configured in the Okta tenant.
Migration plan also very basic: take all known users from my data store and push them into Okta with the Password Import Inline Hook set up as described in the docs.
Now I face a strange problem: when I try to create the Okta users via API and setup the Password Import Inline Hook I get an API error that this operation is only allowed for STAGED users. Mine are created in PROVISIONING. On user creation there is nothing special: a name, a group, etc.
In the docs I found a hint the the initial status of created users is dependent on the Okta App and it looks like my App is configured for provisioning.
- Am I right with my observations?
- How do I need to setup/confiure the Okta App to allow me create users in STAGED status? I could not find anything in administrative UI so far.