I’m seeing a state sync issue happen when removing a group from a scim user:
Expected Result: User is active, User is not in group
Actual Result: User is active, User is in group
I’m unsure if this is a bug or if my app is doing something incorrect. How are users/groups updated when users are not part of an application?
Are you using a SCIM Connector? The connector might update the user in the group if the membership of the group for the user is also passed
I’m writing a SCIM connector, and was trying to debug some strange behavior we were seeing. I’m now thinking that we made an error and left the groups attribute off of the user resource. 
This other post made me think that there was maybe a problem on Okta’s side: SCIM Deactivation via Group Membership
https://help.okta.com/en/prod/Content/Topics/Directory/Directory_Using_Group_Push.htm
It’s a “feature”…
Note : Users who show as inactive in Okta are not pushed to the downstream app. Inactive users must be reactivated and then the group repushed. If the inactive user is part of more than one group, they must be repushed to all groups in which they are members.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.