SaaS Accounts / Okta Service Accounts Not Visible in OPA Console's SaaS Apps / Okta Service Accounts Tab

SaaS Accounts / Okta Service Accounts onboarded to Okta Privileged Access (OPA) are not visible in OPA Console's SaaS Apps / Okta Service Accounts tab. The following are the screenshots from both tabs when accounts are not visible: 

• SaaS Apps

• Okta Service Accounts

• SaaS Service Accounts
• Okta-Mastered Accounts
• Okta Privileged Access (OPA)
• Password Rotation/Management
• Policy Condition
• Okta Identity Engine

• The account has not been assigned through Resource Administration > Resource Assignment to the target project.
• The user has not been selected in the OPA Policy* rule > Accounts to protect section.
• OPA Policy is not configured to allow access to the groups (which the user belongs to) under Add Principals.
• In the case of SaaS, accounts may not appear in the Accounts to Protect list when Okta PA does not have a connection to the app (that is, for a manual update). In that case, the Password update method needs to be changed. 

*NOTE: A separate policy needs to be created for Okta Service Accounts through Create Policy > Okta Service Account. For SaaS, a new rule can be created with Add Rule > SaaS App Service Account Rule.

Ensure the following are configured:

• The account has been assigned through Resource Administration > Resource Assignment to the target resource group. 
• Expected OPA Policy(rule) exists for the Resource Group to which the service account is added.
• OPA Policy is configured to allow access to the groups (to which the user belongs) under Add Principals.
• The service account is included in the OPA Policy's Rule.
• The OPA Policy is published and active.