AWS IAM Identity Center provisioning flow fails with the following error visible in the Okta dashboard:

Automatic provisioning of user <user> to app AWS IAM Identity Center failed: Error while verifying if user <user> exists: Unauthorized
 

• AWS IAM Identity Center
• Provisioning
• Error

This error occurs because the Access token from the AWS IAM Identity Center used to create the API connection is invalid. 

Follow the steps or video below.

1. Refer to AWS: Configuration Guide. 
    

2. Go to Okta Admin Console and navigate to Applications > Applications > AWS IAM Identity Center > Provisioning > Integration > click the Edit button.

3. Copy the SCIM endpoint  URL from the AWS IAM Identity Center and paste that value into the Base URL field in Okta. Make sure to remove the trailing forward slash at the end of the URL. 

4. Copy the valid Access token from the AWS IAM Identity Center and paste that value into the API Token field in Okta.

5. Click Test API Credentials to verify that the credentials entered are valid.
    

6. Verify the connection is successful, and then click Save.
    

7. Attempt the failed tasks again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.

8. After locating the failed task for the user that should be retried, click on Retry Selected.