When trying to enable Provisioning for Salesforce within Okta, after entering the OAuth Consumer Key and OAuth Consumer Secret, after Testing the API Credentials, the following error is received.

Could not verify the Salesforce administrator credentials; please confirm that these are set correctly.


 

• Provisioning
• Okta Integration Network (OIN)
• Salesforce

This error can be generated if: 

• The OAuth Consumer Key and OAuth Consumer Secret are not set correctly.
• The Instance Type is not reflecting the correct value (Production, Sandbox, Government).
• On Salesforce's side, the SAML Identity Type is not reflecting the correct value. 
• The "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows" option is enabled within the OAuth configuration of the connected app in Salesforce.

1. Ensure that the OAuth Consumer Key and OAuth Consumer Secret are placed and created correctly. 
2. When creating the integration in Okta, please select the correct Instance Type that matches the one used for Salesforce.
3. Ensure the "Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows"  option is disabled. For more details please check the Configure OAuth and REST integration documentation.

If a Sandbox environment is used in Salesforce, please navigate to the SAML Identity Type and change it from "Assertion contains the Federation ID from the User object" to "Assertion contains the User's Salesforce username".

After the process is completed, please re-authenticate the API Credentials.