A customer is trying to provision users from their security group into our application but only a small fraction are being provisioned and there are no errors on either our side(SP) nor on IdP(Okta instance of customer).
More details:
Customer has set-up SCIM via Okta for other applications and they are working fine.
Our(SP App) is working as expected with every other customer.
Even after repeated tries and new dummy group set-ups it repeats. Customer is pulling in security groups from AAD and then creating a push group to SP.
We implemented further logging to understand what we receive from Okta and here is what we get:
{“schemas”:[“urn:ietf:params:scim:api:messages:2.0:PatchOp”],“Operations”:[{“op”:“replace”,“value”:{“id”:“abc",“displayName”:“xyz”}}]}
The first time its set-up, we are able to provision 5% of users but then for every subsequent push we get the above. And 95% of users are not provisioned.
@jnakul If you haven’t already, I’d recommend contacting support@okta.com to get assitance on this. They will be able to review logs and help determine why this is happening.
@Msid - Yes, it worked. The issue was customer’s okta instance being out of sync. So, an import action from Okta was able to resolve this one time issue and its been working smooth ever since.