When adding a new SAML User role and renaming existing SAML User roles in AWS, the changes are not reflected in the Okta User Assignments page.
- Steps to Reproduce Issue:
  - Create a new SAML User role in AWS, for example AWSSAMLTestRole.
  - Go to the Assignments tab in the Okta AWS Account Federation App > click the pencil icon to open the Edit User Assignment page > check the SAML User Roles dropdown. The new role AWSSAMLTestRole is missing.
- AWS Account Federation
- Provisioning
When adding a new SAML User role or renaming an existing SAML User role in AWS, the changes are not reflected in the Okta User Assignments screen. This means the app data has not been updated in Okta and needs to be refreshed.
Use one of the following methods:
Method 1
Go to the Okta Admin Console > Applications > Applications tab and click More to select Refresh Application Data.
NOTE: This will trigger an import of application data for all applications configured with Provisioning. The latest roles are downloaded, along with profiles and groups, from apps configured for user provisioning. Okta uses this data when creating new users in those apps.
Method 2
Re-authenticate API credentials that are used for provisioning to/from AWS, which will cause the download and updating of application data into Okta (this will only refresh the application data for AWS Account Federation):
- Go to Okta Admin Console and navigate to Applications > Applications > AWS Account Federation > Provisioning > Integration > click the Edit button.
- Verify that AWS Account Federation credentials are correct and click Test API credentials, then save them.
Afterward, go to the Assignments tab in the AWS Account Federation App > click the pencil icon to open the Edit User Assignment page > check the SAML User Roles dropdown to confirm that the new SAML User role is available.
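To see exactly which roles are out of sync before and after the refresh, the check below compares the SAML-trusting roles in AWS with the names shown in the SAML User Roles dropdown. It is an added example, not Okta or AWS tooling. It assumes the identity provider in AWS is named `Okta`, that the dropdown shows plain role names, and that the input has the shape of `aws iam list-roles` output; the sample data is constructed.

```python
import json

# Constructed sample shaped like `aws iam list-roles` output (account ID and names are made up).
SAMPLE_LIST_ROLES = json.loads("""
{"Roles": [
  {"RoleName": "AWSSAMLTestRole", "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
     "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/Okta"}}]}},
  {"RoleName": "AWSSAMLAdminRenamed", "AssumeRolePolicyDocument": {"Statement": {
     "Effect": "Allow", "Action": ["sts:AssumeRoleWithSAML"],
     "Principal": {"Federated": ["arn:aws:iam::111122223333:saml-provider/Okta"]}}}},
  {"RoleName": "LambdaExecRole", "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "lambda.amazonaws.com"}}]}}
]}
""")

def _as_list(value):
    """IAM policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def saml_role_names(list_roles, provider_suffix):
    """Names of roles whose trust policy allows AssumeRoleWithSAML from the given provider."""
    names = set()
    for role in list_roles.get("Roles", []):
        doc = role.get("AssumeRolePolicyDocument", {})
        for stmt in _as_list(doc.get("Statement")):
            principal = stmt.get("Principal", {})
            federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
            actions = {a.lower() for a in _as_list(stmt.get("Action"))}
            if (stmt.get("Effect") == "Allow"
                    and "sts:assumerolewithsaml" in actions
                    and any(arn.endswith(provider_suffix) for arn in federated)):
                names.add(role["RoleName"])
    return names

def compare_with_okta(list_roles, okta_dropdown_roles, provider_suffix=":saml-provider/Okta"):
    """Return (roles in AWS but missing from Okta, roles in Okta but no longer in AWS)."""
    aws = saml_role_names(list_roles, provider_suffix)
    okta = set(okta_dropdown_roles)
    return sorted(aws - okta), sorted(okta - aws)

if __name__ == "__main__":
    # Role names copied by hand from the SAML User Roles dropdown (constructed).
    missing, stale = compare_with_okta(SAMPLE_LIST_ROLES, ["AWSSAMLAdmin"])
    print("Not yet imported into Okta:", missing)
    print("Listed in Okta but absent in AWS:", stale)
```

Both lists should be empty once the application data has been refreshed; a name that stays in the second list is a role assignment in Okta that no longer maps to a role in AWS.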
