This article explains how to resolve the error that occurs on the Provisioning tab of a Salesforce application when attempting to re-authenticate API credentials.

Unexpected Error

• Salesforce
• Provisioning
• Authentication
• Okta Identity Engine (OIE)

The error occurs because the Single Sign-On (SSO) integration was configured for the Salesforce application instance before the provisioning API integration was successfully authenticated.

1. Create a new Salesforce.com application from the Browse App Catalog in the Okta Integration Network (OIN).

2. Leave the sign-on method set to Secure Web Authentication (SWA). Do not configure Security Assertion Markup Language (SAML) at this stage.

3. Navigate to Provisioning > Integration and select the Enable API Integration checkbox.

4. Enter the OAuth Consumer Key and OAuth Consumer Secret.
    

5. Select Authenticate with Salesforce.com.

6. In the pop-up window that appears, select the Custom Domain Login option and enter the full URL for the sandbox domain.

7. Sign in using the sandbox service account credentials and select Allow to grant OAuth access.