Hello @DamianZ.25071 (Customer)​ Thank you for reacting out to our Community!

Please see our doc to fix this issue below:

https://support.okta.com/help/s/article/Failed-to-update-group-GROUP-NAME-Resource-Not-Found-groupKey?language=en_US

Community members help others by clicking Like or Select as Best on responses. Try it today.

@paul.stiniguta (Okta, Inc.)​ Thank you for your response. I have tried steps from the instruction you have sent, but it didn't help.

I think my problem is different, I'm still getting an error:

Failed on 05-08-2023 04:59:53AM UTC: Unable to update Group Push mapping target App group Test::Simple Group: Failed to create group Test::Simple Group. Invalid Input: groupKey

Not this one: Resource Not Found: groupKey

And I believe this is strictly connected with ::, because for test groups without this character everything works good.

Ok, so I have tried this the way you asked. I have created a new group, which doesn't exist on Google side, without any users and tried to synchronize it. Effect for now is the same - an error. Yesterday I've been experimenting with other options (because at the end it is very important for me to make this working) and tried creating the group directly in Google - then adding synchronization in Okta panel.

In such case, when group with exact the same name has been already created in Okta, I were able to turn on the synchronization. However the case is that I want the group in Okta to be created with API and then automatically synchronized with all applications (using group pushing rules).

In this case I can't do this, because it takes some time until Okta refreshes groups from Google.

After couple of days I figured out some workaround, which solves our business case for this.

I'll leave the comment here - if it will be useful for someone.

So, at the beginning let's make some assumptions:

1. In Okta we have at least 2 applications integrated, one of them is Google Workspace;
2. We want groups to be pushed to Google automatically (using rules);
3. We are naming our groups in a way which is not properly handled with Google Workspace;
4. We don't want to change our groups naming convention 🙂

Ok, so the resolution for that issue will be:

1. Creating proper rules for pushing groups within all applications (including Google); Eg. We can set up that all groups starting with "Project::" will be pushed;
2. For Google we create additional rule to push groups starting with "project-";
3. Then, when we create a group, initially we naming it as eg. "project-group-task" and then, right after creation, changing the name to "Project::Group::Task" (which should be the group name we actually wanted to have);

In this way:

1. Group is pushed to Google and Google doesn't complain about groupKey;
2. After renaming group, the push for it is still active and rules for other applications working;

I have tried this also with API, with a 1s delay between creating a group and renaming it and everything worked as expected.