LaunchDarkly SCIM Provisioning - The Role Assigned in the Okta Application Assignment Page is Not Reflecting Correctly on the LaunchDarkly Application Side
Last Updated:
Okta Classic Engine
Okta Identity Engine
Okta Integration Network
Overview
In Okta, the users mapped three different default LaunchDarkly roles (reader, writer, admin). However, all provisioned users are set to the role reader.
The Role is reflecting correctly on the Okta Application Assignment page, however, the Role is not reflecting correctly on the LaunchDarkly Application Side.
Applies To
- LaunchDarkly
- Provisioning
- Role Assignment
Cause
This issue occurs if the role attribute external namespace is incorrect.
Solution
- As per LaunchDarkly SCIM documentation, the SCIM attribute Role should have the external namespace as urn:ietf:params:scim:schemas:extension:launchdarkly:2.0:User.
- Go to Okta Admin Console and navigate to Directory > Profile Editor > LauchDarkly User > click Role attribute blue information icon. Verify the role attribute external namespace is urn:ietf:params:scim:schemas:extension:launchdarkly:2.0:User.
- If the external namespace is incorrect, delete the Role attribute and recreate it with the correct external namespace and external name.
- External name: role
- External namespace: urn:ietf:params:scim:schemas:extension:launchdarkly:2.0:User
- Then, map the correct role to the application assignment group or individual assignment and verify that the user is set to the correct role on the LaunchDarkly application side.
