User16872395488446542832 (Customer) asked a question.
I have written a simple SCIM server that provisions / deprovision / update users. To provision the user the Okta makes first call to identify if the user exists in remote directory - /scim/v2/Users?filter=userName%20eq%20%22user2%40gmail.com%22&startIndex=1&count=100 HTTP/1.1
To which SCIM server responds with below message
{
"Resources": [],
"itemsPerPage": 0,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"startIndex": "1",
"totalResults": 0
}
I see that okta events do not give much details and fails with below event without making next call to SCIM server to provision the user.
{
"actor": {
"id": "00uae045t0RPH343N5d7",
"type": "User",
"alternateId": "user@company.com", (edited by Moderator)
"displayName": "username", (edited by Moderator)
"detailEntry": null
},
"client": {
"userAgent": null,
"zone": null,
"device": null,
"id": null,
"ipAddress": null,
"geographicalContext": null
},
"device": null,
"authenticationContext": {
"authenticationProvider": null,
"credentialProvider": null,
"credentialType": null,
"issuer": null,
"interface": null,
"authenticationStep": 0,
"externalSessionId": "trslqH0Ik8MQ9e-QKOIsH_qPA"
},
"displayMessage": "Sync user in external application",
"eventType": "application.provision.user.sync",
"outcome": {
"result": "FAILURE",
"reason": null
},
"published": "2024-04-21T12:47:34.228Z",
"securityContext": {
"asNumber": null,
"asOrg": null,
"isp": null,
"domain": null,
"isProxy": null
},
"severity": "ERROR",
"debugContext": {
"debugData": {
"appname": "scim2headerauth"
}
},
"legacyEventType": "app.user_management.provision_user_failed",
"transaction": {
"type": "JOB",
"id": "pujgl88nx0RbEW2VX5d7",
"detail": {}
},
"uuid": "531c4191-ffdd-11ee-93ef-a539342b0d02",
"version": "0",
"request": {
"ipChain": []
},
"target": [
{
"id": "0uagl88nwyagnC9Bu5d7",
"type": "AppUser",
"alternateId": "user-upd@gmail.com",
"displayName": "user-fn1-up user-ln1",
"detailEntry": null
},
{
"id": "00ubhrjzodHO7J5MA5d7",
"type": "User",
"alternateId": "user-upd@gmail.com",
"displayName": "user-fn1-up user-ln1",
"detailEntry": null
},
{
"id": "0oadljnwjbOcxTKha5d7",
"type": "AppInstance",
"alternateId": "SCIM 2.0 Test App (Header Auth)-oloid-local",
"displayName": "SCIM 2.0 Test App (Header Auth)",
"detailEntry": null
}
]
}
This does not give much details of why Okta failed to read response.
Thanks,
Vijay Kumar
Hi, @User16872395488446542832 (Customer)
Thank you for posting on our Community page!
Please take a look at these articles to make sure you have followed all the correct steps for integration:
https://developer.okta.com/docs/guides/scim-provisioning-integration-connect/main/
https://help.okta.com/en-us/content/topics/reference/ref-apps-events.htm
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.