AWS IAM Identity Center application provisioning flow fails with the following error visible in the Okta dashboard:

Automatic provisioning of user <name of user> to app AWS IAM Identity Center failed: Matching user not found

• AWS IAM Identity Center 
• Provisioning 
• Error
• Okta Classic Engine
• Okta Identity Engne (OIE)

The most common cause of this error is that the Create Users option in the application's provisioning settings is disabled.

When this option is off, Okta will only try to update existing users. If the user does not already exist in the application, provisioning will fail with the Matching user not found error.

Enable the Create Users option in the application's provisioning settings in Okta to resolve the error.

1. In the Okta Admin Console, navigate to Applications > Applications > AWS IAM Identity Center > Provisioning > To App > Provisioning to App. 
2. Click the Edit button and enable Create Users. 
3. Save the changes.
4. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.  
5. After identifying the failed task for the user, click on Retry Selected.

NOTE: If new users do not need to be created through Okta, verify the Username field for the user's assignment to the application and ensure it matches the username in the target application.