I tried creating a list of users via script using the Okta endpoint:
With the credentials as “SOCIAL”:
Now none of the users I created can log in, even if I delete their users and re-create their users manually. These users are set to authenticate through a separate 3rd party Okta tenant. The error message is "User canceled the social login request". Does anyone know how I can re-create these users so that they can log in?
Were you able to test to see if external IdP setup was working before you created the users?
Yes, it was. Before running this script I validated one of their users was JIT created when he went and logged into our site, and he was able to authenticate and get a JWT. Now even if I delete the users and have them try to log in, they are not JIT created. They get that "User canceled the social login request" response from their external IDP.
Okay, we figured out the problem. All that needed to happen was our customer needed to add the users to the Okta Application for our connection on their end. This solved the problem.
I’m still not sure why we got this error message from Okta. Whenever we encountered this kind of problem in the past, the error message from Okta was something like "User is not assigned to client Application". Instead we received "User canceled the social login request", which is a very confusing and misleading error message from Okta given the solution.
Regardless, we have resolved this issue by having the external IDP assign the user to the application.