We are implementing Scim for our application. While testing de provisioning we encounter case
User de provision from Okta (User deactivated which resulted in removing user from scim provisioned app).
PUT request with active flag false sent to our app.
Our app logic fails for some reason (it may get failed due to server down, any of the internal services not avaiable)
Our app sends error to Okta. Problem starts here since user is removed from okta scim app but its still active in our app since request failed.
This creates dangling user issue, is their anything that Okta recommends to do for such case since we were in assumption that failure for user deactivation will again reassign user in okta
I understand that you don’t see the unassigned user under Application > Assignments Tab. For these errors, you can use Dashboard > Tasks > Application accounts need deprovisioning section to select and retry sync for failed user deprovisioning tasks.
Thanks, by this way we can retry again for deprovision same user but how would end user come to know that user deprovisioning is failed. When i encounter this issue i did not see any notification that user deprovisioned failed. is their any way to know this or notification from Okta that tells user about failure. I do know that checking logs can tell u but end user wont be checking logs everytime.
I have also encounter issue for Group Provisioning. description attribute value is coming as null from Group Post request even though it is mapped in Okta Groups Profile. We created group → added group name and group description but when i push group value for description is null in post request. is their anything specific that needs to be done because i am getting displayname correctly.
