Amazon Web Services (AWS) IAM Identity Center push group fails with the following error visible in the Okta dashboard:
Unable to update Group Push mapping target App group <group name>: Error while trying to get the group <group name> with the externalId <externalId> and id <id>[status=ACTIVE,name=<name>,description=<description>,externalId=<externalId>,appInstanceId=<appInstanceId>,userGroupId=<userGroupId>,pushed=true,changeStatus=<null>,data=<null>,objectClass=,externalI
- AWS IAM Identity Center
- Provisioning
- Group Push
- Error
This error occurs because the Access token from AWS IAM Identity Center provided in the API Token field in Okta is incorrect.
Follow the steps or video below.
-
Refer to the AWS: Configuration Guide.
-
Go to Okta Admin Console and navigate to Applications > Applications > AWS IAM Identity Center > Provisioning > Integration > click the Edit button.
-
Copy the SCIM endpoint URL from the AWS IAM Identity Center and paste that value into the Base URL field in Okta. Remove the trailing forward slash at the end of the URL.
-
Copy the correct Access token from the AWS IAM Identity Center and paste that value into the API Token field in Okta.
-
Click Test API Credentials to verify that the credentials entered are valid.
-
A message confirming successful authentication is received. Click Save.
- Then navigate to Applications > AWS IAM Identity Center > Push Groups, and attempt the group push again.
