Okta user profile updates, deactivations, and/or password syncs are not being pushed from Okta to an application after enabling provisioning.

Okta system log may mistakenly indicate that the push attempt was successful.

• Provisioning
• Profile Updates
• Okta Classic Engine

Okta user profiles are missing external IDs from an application, or required provisioning options are not enabled.

• External IDs are required by provisioning tasks to ensure that Okta is modifying the application user object.
• External IDs will only be created during the application's assignment phase with provisioning enabled. If provisioning is later enabled on an application already assigned to users, those existing user assignments will not have external IDs created.

1. In the Okta Admin Dashboard, navigate to Applications and click the affected application.
2. Click the Assignments tab.
3. In the left pane, select People and click the pencil icon adjacent to a user who's experiencing this behavior.
4. Check to see if the External ID attribute is listed and populated.

• • If there is no External ID:
    • Unassign and reassign a user from the application.  This will trigger a provisioning event from Okta to the application, creating an External ID that maps the Okta user object to the corresponding application's user object.
  • If the External ID is present:
    • Verify that the application's Provisioning options (Create Users, Deactivate Users, etc.) are enabled/disabled according to expected behavior.
    • Check Dashboard > Tasks for profile update events.  These will usually provide details about the cause of the issue.

Related References

• Why the External ID is Necessary for Provisioning to Downstream Apps