Users of my client application are tagged to an OIDC Client application & SCIM Application. When users are removed from Client Application, below happens as per Okta logs:
- User is removed from Client Application. Under User, Client application is not seen anymore.
- User is removed from SCIM application. Under user, SCIM application is still seen.
- Okta does “Individual” assignment for the SCIM application. application.user_membership.update event is fired which adds individual assignment for the user.
- Which further triggers SCIM flow, but SCIM flow fails due to application logic written in SCIM connector.
Question is why #3 happens? How can we avoid #3 and hence remove reference of SCIM application after #1 is done. Do we have to do some configuration in tenant or is it some issue with SCIM connector configuration?
Any leads on this will be helpful.