<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007SKfApCALOkta Classic EngineIntegrationsAnswered2024-04-03T16:09:08.000Z2022-02-22T21:20:41.000Z2022-02-23T13:53:16.000Z

MatthewH.10249 (State of Iowa) asked a question.

February 22, 2022 at 9:20 PM
Don't use app assignment groups as push groups in ServiceNow

In a recent support ticket video call with Okta, the tech made an unrelated statement to our situation but I wrote it down nevertheless as I found it interesting. He said that if we decide to use Push Groups for ServiceNow provisioning that we should make sure we never use an app assignment group as a push group or it will cause issues. We did not get into the details as what errors or why this would be a problem but I thought it might make for a good community question.

 

So does anyone know why it would be a problem making an app assigned group a push group to ServiceNow?

  • 1 answer
  • 545 views

  • bz6fg (bz6fg)

    Hi,

     

    This limitation is not just for ServiceNow but you should use different groups for all applications that are using group push. Okta has documentation about it on this page: https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-group-push.htm

     

    In the last section it says:

     

    The following are the known Group Push limitations:

    • Using the same Okta group for assignments and for group push is not supported. To maintain consistent group membership between Okta and the downstream app, you need to create a separate group that is configured to push groups to the target app.

     

    So according to Okta there could be some issues with the memberships of groups when they are being used for both assignment for the application in Okta but also pushed to the application. I haven't seen any problems on my own when I've seen customers do this, but since Okta recommends it I am trusting that they have seen some issues with it in the past.

     

    I hope that answers your question!

     

    /Alexander

     

    Expand Post
    Selected as Best

  • bz6fg (bz6fg)

    Hi,

     

    This limitation is not just for ServiceNow but you should use different groups for all applications that are using group push. Okta has documentation about it on this page: https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-group-push.htm

     

    In the last section it says:

     

    The following are the known Group Push limitations:

    • Using the same Okta group for assignments and for group push is not supported. To maintain consistent group membership between Okta and the downstream app, you need to create a separate group that is configured to push groups to the target app.

     

    So according to Okta there could be some issues with the memberships of groups when they are being used for both assignment for the application in Okta but also pushed to the application. I haven't seen any problems on my own when I've seen customers do this, but since Okta recommends it I am trusting that they have seen some issues with it in the past.

     

    I hope that answers your question!

     

    /Alexander

     

    Expand Post
    Selected as Best
This question is closed.
Loading
Don't use app assignment groups as push groups in ServiceNow