dpkz3 (dpkz3) asked a question.
"Using the same Okta group for assignments and for group push is not supported."
The documentation says:
https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-group-push.htm
"Using the same Okta group for assignments and for group push is not supported. To maintain consistent group membership between Okta and the downstream app, you need to create a separate group that is configured to push groups to the target app."
However I have successfully added the same group to both the "assignments" tab and to a rule in the "push groups" tab for my AWS SSO application. I observed that the group and its members were successfully pushed to AWS SSO, and that the users have access to the application from Okta's dashboard.
Which one of these is correct:
- The limitation specified in the documentation is no longer applicable to any third party apps
- The limitation doesn't apply to the AWS SSO application specifically
- I'm misunderstanding the limitation. If so, please clarify.
Thanks
Hello @Ralph
I hope you are having a great day
Thank you for posting, these limitations can trigger different behaviors that cannot be supported by our helpdesk team and the best way to keep a healthy working environment is to follow the best practices documented in our public files. you can also check in the link below if your application support group push.https://www.okta.com/integrations/
Have a great day ahead
Regards
Henry E.
Okta Inc
Hi Henry,
Thanks for the reply. I misinterpreted "not supported" as meaning that it shouldn't be possible from a technical perspective. Now that you clarified that it's a best practice that, if not followed, could have unintended consequences it makes sense to me.
Ralph
What's the reason that this isn't supported? Could you give an example of unexpected behavior? Would the only real option be to have a punch of duplicate groups?