<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UukSAFOkta Classic EngineAdministrationAnswered2024-04-30T09:27:24.000Z2016-03-16T14:29:17.000Z2020-08-18T00:43:14.000Z

j5v7c (j5v7c) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
choice creates conflict
user was syncd to AD, the sync was removed so that the Okta username could be edited.  Once the AD account was re-imported Okta knows the correct account to assign it to.  However there is an error "This choice creates conflict.  with no logging as to what conflict or where.  Choosing instead to create a new user results in the same error, as does the an existing account I specify choice.

 

where can I view what the conflict is that Okta is hung up on?
  • 5 answers
  • 2.22K views
ArtC.12602 and 10vib like this.

  • ransom.moats1.4386711719018809E12 (Okta, Inc.)

    Hey Seth,

     

    I can take a shot at the question; Can you elaberoate on the full scanario? How was the sync removed and re-added?

  • j5v7c (j5v7c)

    We're seeing the same issue in our AD mastered environment, ever since the 2016.10 update. 

    Disabling method: User moved out of okta synced OU, then at a later date moved back into an okta synced OU.

  • ransom.moats1.4386711719018809E12 (Okta, Inc.)

    Can you try the following?

     

    Once you move the user out of a Synced OU, try running an import, move the user back into a Synced OU, run a new import. Based on what your describing Okta is treating the user as a new acount which is why you see those conflicts (IE matching firstname,lastname, email addresss etc.)

     

    Also, depending on the specifics of your IT process/business process there might be better way to handle AD account disabling so you wouldn't need to move users in and out of OUs to deactive the accounts in Okta. Support can definately help you , just open a new support case and include a link to this post. 🙂

     

     

    Expand Post

  • j5v7c (j5v7c)

    Thanks for the help all, I ended up adding a case and support worked with me to resolve.

     

    Turns out there is no logging and no way to know what was creating the conflict.  We ended up changing the current Okta account to XX-<account name>  and then running a full import.  the user was picked up and a new AD tied okta account was created with the proper name.  previously the AD account was an incorrect spelling which is why I had unhooked it from AD to edit the name.
    Expand Post

  • 6c4y4 (6c4y4)

    For people that continue experiencing this today, my team found out that if the primary email is the same for various users, their username is overriden by that primary email and that causes conflict, since they all are technically the same user.

     

    Use the secondary email instead, and leave the primary email the same as the username. That solved the problem for us.

    Expand Post
This question is closed.
Loading
choice creates conflict