We are testing our SCIM API integration at the moment. We have noticed the following scenario:
- User is removed from application, and Okta logs “Remove user’s application membership” then “Push user deactivation to external application”.
- User is added back to application, and Okta logs “Verify user exists in external application”, “Push user reactivation in external application” then “Push user’s profile to external application”.
- The third step in 2 fails, reporting an error to you (we are working on this part of our system now).
- User is removed from application again, and Okta only logs “Remove user’s application membership”.
It seems that if the last update for a user returned an error response, Okta does not send the “Push user deactivation to external application” request when you attempt to remove the user from the application. The user is therefore not removed from our application.
Could someone please confirm if this is as intended?