Using the same group as an Assignment Group and a Push Group in the same application will cause Group Push errors.
- Group Push
- Okta Integration Network
- User Lifecycle Management
The most common reason is a race condition in which the user membership is pushed before the user profile. This is a known product limitation, as stated in Okta's Product Documentation, which is quoted below:
"Okta doesn't support using the same group for app assignment and Group Push. To maintain consistent group membership between Okta and the downstream app, you must create a separate group that's configured to push to the target app"
The same group should not be used for Group Push and App Assignment in the same application since a race condition can cause the group push to not contain information on the user. This can create a situation where the push group process will try to update the downstream group membership with the pushed user before the application assignment and provisioning process are completed.
The push group will fail since the user does not yet exist in the downstream application, or if it is already there, the Okta user account and the application user account were not yet linked through the provisioning flow.
Related References
