This article describes several possible causes and resolutions for the following error received when trying to activate a staged Okta user that is assigned to an Active Directory provisioning group:

An error occurred while assigning this app.
Automatic activation of user <username> to app Active Directory failed: Matching user not found.

  

The user's Okta profile looks similar to:

• Directories
• Active Directory
• LDAP
• Staged Users
• User Activation

This error is seen if anything prevents an Okta user from successfully provisioning to Active Directory via an Okta provisioning group while going from Staged to Active.

Provisioning from Okta to Active Directory may fail for many reasons. The following lists several potential causes and resolutions:

• The "Create Users" option is not checked in the Active Directory integration.
  • Navigate to Directory Integrations > Active Directory > Provisioning > To App and ensure the Enable box is checked next to Create Users, then retry the task.

• The Okta AD Agent was offline during the time of the provisioning task.
  • Ensure the Agents are online and retry the task.
• The value for saMAccountName is too long.
  • See Error Provisioning Active Directory User: A Device Attached to the System is not Functioning for more details.
• The OU selected in the provisioning group is not selected in the AD integration.
  • See Provisioning to Active Directory Failed - Target OU is not an Import OU for more details.
• An invalid value for cn is being passed.
  • See Error Provisioning User to AD: An Invalid Directory Pathname was Passed for more details.
• The value for saMAccountName is not unique.
  • See Cannot Match Okta Account to AD: The Object Already Exists if matching the Okta user to an existing AD user or if creating a new AD user.
• The value for the Manager attribute of the user is not a valid Distinguished Name (DN).
  • Ensure the user's manager is active and in the correct OU before retrying the task.
  • See Active Directory Provisioning Error "There is no such object on the server" for more details.