HubSpot provisioning flow fails with the following error visible in the Okta dashboard:

Automatic provisioning of user <username> to app HubSpot failed: Error while creating user <username>: Bad Request. Errors reported by remote server: Portal <portal> is not allowed to manage users with domain '<domain>'.

• HubSpot
• Provisioning
• Error

This error occurs when the domain is not verified; it must be verified in HubSpot by updating the DNS records.

Please check this document for more details: Provision HubSpot users with SCIM through Okta.

1. Verify the domain in HubSpot by updating the DNS records. 

   1. In the HubSpot account, click the settings icon  in the main navigation bar.

   2. In the left sidebar menu, navigate to Integrations > Connected Apps.

   3. Click Okta SCIM.
        

   4. In the Domain field, enter the user's email sending domain.

1. 5. Click Save.

   6. Click Verify it now.
       

   7. In the dialog box, select Next.

   8. Copy the value in the Value column. Use this value when creating a new TXT record in the DNS provider.

   9. Log in to the DNS provider account and create a new TXT record for the domain being verified. Paste the value copied from HubSpot into the Value/Points To/Target field.

   10. After the TXT record is created, navigate back to HubSpot and click Next. Once the DNS changes propagate, the domain will be verified.
        

2. Attempt the failed tasks again. Go to the Okta Admin Console and navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.
3. After identifying the failed task for the user to be retried, click Retry Selected.

NOTE: If the issue persists, please contact HubSpot support for more details and steps to resolve this error.

Related References

• Provision HubSpot users with SCIM through Okta