SCIM Provisioning - group push issues

jnakul · August 31, 2020, 8:59am

A customer is trying to provision users from their security group into our application but only a small fraction are being provisioned and there are no errors on either our side(SP) nor on IdP(Okta instance of customer).

More details:

Customer has set-up SCIM via Okta for other applications and they are working fine.
Our(SP App) is working as expected with every other customer.
Even after repeated tries and new dummy group set-ups it repeats. Customer is pulling in security groups from AAD and then creating a push group to SP.
We implemented further logging to understand what we receive from Okta and here is what we get:
{“schemas”:[“urn:ietf:params:scim:api:messages:2.0:PatchOp”],“Operations”:[{“op”:“replace”,“value”:{“id”:“abc",“displayName”:“xyz”}}]}
The first time its set-up, we are able to provision 5% of users but then for every subsequent push we get the above. And 95% of users are not provisioned.

Looking for some advice. Thanks!

andrea · September 15, 2020, 10:22pm

@jnakul If you haven’t already, I’d recommend contacting support@okta.com to get assitance on this. They will be able to review logs and help determine why this is happening.

Msid · September 15, 2021, 11:40am

@jnakul , where you able to get this issue fixed? One of our customers is facing the same issue and we haven’t been able to identify the issue.

jnakul · September 15, 2021, 1:50pm

@Msid - Yes, it worked. The issue was customer’s okta instance being out of sync. So, an import action from Okta was able to resolve this one time issue and its been working smooth ever since.

Msid · September 16, 2021, 8:32am

I think our issue might be different since their okta instance is standalone. Have reached out to support. Thanks for your response, @jnakul .

system · September 17, 2021, 3:24pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.