push groups 403 - Access denied - insufficient permission Skip to main content
https://support.okta.com/help/answers?id=9062a000000bm4aqaa&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Jeff HustonJeff Huston 

push groups 403 - Access denied - insufficient permission

I have a push group for Box in which I added a member to it in AD. Okta picks up the change but then when it tries to update the group membership I get error "Unable to update Group Push mapping target App group 'group name': Could not add user to specified groups. 403 - Access denied - insufficient permission"

Any ideas? 
Darron HellmannDarron Hellmann (Okta)
It sounds as though the user account being used for the Okta Box API doesn't have the necessary permissions to add users to groups.
Jeff HustonJeff Huston
That was my thought too but i am a super admin in Okta and Box so I'm not sure. I know the adminthat set these up has the same permissions as myself in Okta and less in Box. 
Achim OswaldAchim Oswald
I have the same issue for one single group, all other groups work. I'm working together with Okta Support and will post as soon as I got it resolved.
Jeff HustonJeff Huston
I ended up figuring this one out, not sure if you have the same issue as me. Box admins/co-admins can’t be in push groups as their group membership can’t be set/ altered by another admin. It was verified by Box. I pulled them out of the push groups and the groups sync fine now. Hope that helps!