SCIM Integration issues with AWS Lambda

Hey all,
I have recently been trying to build an integration for SCIM provisioning on my application. The current setup includes an API Gateway triggering a Lambda function. That function has support for all of GET, POST, PATCH, DELETE for both /USERS and /GROUPS.

I am running into an issue with a few things:

  1. When I assign someone to the app, it initiates a GET and a subsequent POST for the user. But on unassigning the person from the app, it doesn't trigger a DELETE request. I also made sure that the provisioning integration has deactivate users enabled.

  2. How do I add a custom attribute to the user for my app? I tried creating a custom attribute in the profile editor for the app and also added the respective mappings, but after account creation, the user shows that I need to “reapply mappings”, and when I click on it, it triggers a failure: “Automatic profile push of user p b to app ToxMod - Cloud Env failed: Error while trying to push profile update for testuser@gmail.com: No user returned for user testuser@gmail.com”

Hello,

Okta doesn’t perform DELETE operations on User objects in your SCIM app.

If a user is deactivated or removed from your integration inside Okta, then Okta sends a request to your SCIM app to set the active attribute to false.

Please review this article on how to add custom attributes.

Thanks, this helps! But what about issue 2? Do you have any idea about it?

I am consistently getting this error log on Okta whenever I try to make an attribute update to an assigned user :slight_smile:

{
  "actor": {
    "id": "00ufo2k8bkW0aYRVa5d7",
    "type": "User",
    "alternateId": "p.b@test",
    "displayName": "pr br",
    "detailEntry": null
  },
  "client": {
    "userAgent": null,
    "zone": null,
    "device": null,
    "id": null,
    "ipAddress": null,
    "geographicalContext": null
  },
  "device": null,
  "authenticationContext": {
    "authenticationProvider": null,
    "credentialProvider": null,
    "credentialType": null,
    "issuer": null,
    "interface": null,
    "authenticationStep": 0,
    "rootSessionId": "10246JBH1iyQPChJ81JXyhkQg",
    "externalSessionId": "trsoKu4QBSISGqnWu9QzljHvA"
  },
  "displayMessage": "Push user's profile to external application",
  "eventType": "application.provision.user.push_profile",
  "outcome": {
    "result": "FAILURE",
    "reason": null
  },
  "published": "2024-12-11T18:31:35.908Z",
  "securityContext": {
    "asNumber": null,
    "asOrg": null,
    "isp": null,
    "domain": null,
    "isProxy": null
  },
  "severity": "ERROR",
  "debugContext": {
    "debugData": {
      "appname": "dev-70021382_testcognito_1"
    }
  },
  "legacyEventType": "app.user_management.push_profile_failure",
  "transaction": {
    "type": "JOB",
    "id": "psjlsquh8lFGtFd6A5d7",
    "detail": {}
  },
  "uuid": "272c2a64-b7ee-11ef-8fc8-5bca8bf0a30b",
  "version": "0",
  "request": {
    "ipChain":
  },
  "target": [
    {
      "id": "0ualsqrh8wTckND5b5d7",
      "type": "AppUser",
      "alternateId": "test@gmail",
      "displayName": "p b",
      "detailEntry": null
    },
    {
      "id": "00ulsk8yrfq1LNH5o5d7",
      "type": "User",
      "alternateId": "test@gmail",
      "displayName": "p b",
      "detailEntry": null
    },
    {
      "id": "0oafowtzmq7BaB7725d7",
      "type": "AppInstance",
      "alternateId": "ToxMod - Cloud Env",
      "displayName": "ToxMod - Cloud Env",
      "detailEntry": null
    }
  ]
}

Please make sure “External name” and “External Namespace” are correctly defined when creating the attribute.