<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

Access Requests "Assign individual app to user" Action Returns "API validation failed"

Last Updated:

Identity Governance
Okta Classic Engine
Okta Identity Engine

Overview

The Access Request type contains an action to assign a user to a specific application leveraging the "Assign individual app to user". 
When the Action step in the process occurs an error is returned indicating the task failed due to API validation as seen below:

Failed to run task: assign Zoom (API validation failed.) 

Error 

Applies To

  • Identity Governance - Access Requests
  • Action - Assign individual app to user

Cause

This issue will occur if the target application has required profile attributes that are not currently mapped from Okta to App. When the assignment task runs an API call is made to Okta to perform the assignment. This results in a validation to determine if all required profile fields will contain values. If a required field is left empty the validation will fail and the error will be returned.

Solution

To resolve the issue, it is first necessary to identify which attributes are required.  This can be accomplished in one of two ways:

1st Method - The Okta Admin UI

  1. Navigate to Directory > Profile Editor > (Application Instance Name).
  2. Choose the "Custom" option from the left sidebar.
  3. Click the Pencil (edit) icon next to each attribute and determine if the Attribute required is checked.

 

2nd Method - Leverage the Schema API

  1. Obtain the ApplicationID for the application by navigating to Application > Application > (Application Name) and selecting the ID from the address bar:   (Example:  https://mysubdomain-admin.okta.com/admin/app/myApp/instance/0oa1c01k43Ld4ouDI5d7/#tab-assignments)
  2. Use an API client tool such as Okta Workflows or Postman to obtain the application Schema using the (Get App user Schema) API documentation
  3. From the payload under: definitions.custom.properties List(Array) of Objects identify if any object contains the property "required": true


Once all attributes that are required have been identified the next step will be to map the attributes from the user profile to the app profile.   


After completing the mapping of the Okta Users Profile to the Okta AppUser profile attempts to assign the user should pass validation and successfully be assigned.

Recommended content

Still looking for help?
Loading
Okta Support - Access Requests "Assign individual app to user" Action Returns "API validation failed"