This article describes what happens with the user's access once the Org2Org integration is removed.
The following needs to be confirmed that the below use-case is true:
- The user is provisioned to an Okta account via Org2Org Provisioning.
- If Org2Org to removed, can the user still log into the Hub Okta instance if the account is active?
- Org2Org
- User Lifecycle Management
- Password Sync
Access to the hub will depend on the previous configuration of the spoke. In an org2org setup, users cannot directly access the hub unless they are syncing the Okta password from the spoke to the hub via password sync.
If that is the case, then users should be able to access the hub org directly and use their Okta password to log in to the Okta dashboard. If not, Admins would need to reset the passwords for the active users on the hub org. This is because when Admins initially assign the users to the org2org app, Okta generates a random password (assuming the active_with_pass option was selected during the app assignment). Before resetting their passwords, please have one of the users try to log into the hub directly using their Okta password.
NOTE: This assumes the users are sourced from Okta and not a third-party application or IdP like Active Directory or Workday.
Below is the password sync option that is being referenced:
