Active Directory (AD) attributes fail to sync to an Okta user profile when a constraint violation occurs on a different mapped attribute. To resolve this issue, fix the formatting of the attribute causing the violation or remove the mapping entirely. When this issue occurs, the Profile Editor preview displays the attribute, but the attribute fails to update after a full import or a force sync in the To Okta section of the Provisioning tab.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Active Directory (AD)
- Imports
- Attribute Sync
A constraint violation on a single attribute mapped from the AD, Lightweight Directory Access Protocol (LDAP), or application profile to the Okta user profile prevents other attributes from syncing successfully. The Okta System Log records failures during a manual full import with an error code similar to the following examples. The System Log error contains the attribute causing the issue under debug > errorField:
eventType eq "app.user_management.update_from_master_failed"debugContext.debugData.errorCode eq "platform.cvd.profile.property.constraint.violation.required"
How are Active Directory attribute sync failures resolved?
Follow these steps to resolve the constraint violation and successfully sync the Active Directory attributes to Okta.
- Fix the formatting issue causing the constraint violation on the attribute identified in the System Log.
- If the attribute is not needed, remove the mapping from the Okta to Directory section of the Directory Mappings in the Profile Editor.
- Run a full import to update attribute values.
