Okta can synchronize attributes across multiple user stores through mappings, which are maintained in Okta as AppUser profiles. The synchronization is typically automatic, but sometimes, it might fail for various reasons.
The "Force Sync" feature in Okta allows an administrator to manually initiate synchronization of user data between the Okta User profile and the AppUser profile connected with the application or service, or vice versa for a Profile Source to Okta. This can be useful if recent changes have been made to user accounts or permissions that need to be reflected in both Okta and the connected system.
- Force Sync
- Universal Directory
- Lifecycle Management
"Force Sync" refers to the synchronization of the profile attribute mappings in the direction requested.
Selecting Force Sync will prompt the configured Okta attribute mappings to apply to the assigned AppUser profiles. This requests the Okta system to reconcile the configured profile mappings between the Okta User profile and the AppUser profile.
NOTE: Force Sync from the To App section is not a request for all assigned users' profiles to be pushed via System for Cross-domain Identity Management (SCIM)/API to the external service. While this often may indeed result in AppUser profile provisioning push events, only a detected change in the AppUser profile from the last successful provisioning event will prompt a new push attempt to the external service.
A "Force Sync" will cause the mapping to reapply on other profile sources, even if it is triggered from a secondary profile source.
Check out the video or the steps below.
The "Force Sync" option is available only for provisioning-enabled applications. Most apps allow a force sync from Okta to the app and vice versa. Follow these steps in order to initiate a force sync:
-
Access the Provisioning tab of the application.
-
Depending on which type of force sync is required (Okta to App or App to Okta), click on the To App or the To Okta section.
-
Scroll down and click on the Force Sync button above the list of attributes mapped for the application.
-
A brief message will appear, signaling that the process has started. Depending on the number of users assigned, this may take some time.
If a "Force Sync" request has not resulted in the expected updates in the target downstream service after a reasonable amount of time (depending on how many profiles are assigned), next, check if the AppUser profile attribute(s) have updated successfully. One place to quickly check is in the Assignments tab of the application:
If the attributes are correctly displayed here in the AppUser profile, please refer to Okta is Not Updating Users' Attributes in Some Applications for further troubleshooting of the integration.
If the AppUser profile attributes have not been updated as expected, then review the existing application attribute mapping and preview the results for an example user to ensure the expected results are populated. Otherwise, the mapping expression may require refinement.
