I encountered a SCIM bug when re-assigning a deactivated user back to an app again (they were previously assigned the app).
Steps to reproduce:
Assign a user to an app
Unassign the user from the app
Reassign the user to the app
The final SCIM provisioning event has “active”: false, even though it should be true, so the end state of the user in our app is deactivated even though they are reactivated in Okta.
Force syncing the users under the Provisioning tab doesn’t fix the issue.
I got the same issue when I am activating the user again.
The flow:
Update request with active=true sent correctly.
Less than a second get request is sent, but my service provider is returning not updated profile yet (user with active still false). My system is async. Afterward, Okta sends an update request with active=false for no reason. This leads to the user being deactivated in my system and activated in Okta. Okta sends get requests to check what changes need to be pushed to my system. Why Okta does not retry to send the update with active=true?