User Provisioning - Unexpected Behaviour

Steps to recreate:

  • Create user via API with a password, with “activate=false”
  • Activate user using the API with “sendemail=true”
  • Users receives the activation email with an activate button
  • User clicks on the button, but receives this:
    image

Expected behaviour:

  • User’s email address is validated and they are optionally prompted to provide the missing security Q&A

Workaround:

  • Set activate=true when provisioning the user OR use sendemail=false when activating the user; BUT this means we aren’t validating their email address, which is a necessary security requirement for our system

I’ve got to be honest, this whole activation process seems a lot messier than I would have expected. Why is the verification of the email address (which I would assume is a common requirement from other customers) baked so tightly into Welcome wizard?

@digitalelysium
For this user provisioning configuration issue, could you please open a support ticket through an email to support@okta.com. One of our TSEs will help you take a look