00uh6dmcz28Ed9Jwh0h1.5411819052912317E12 (Customer) asked a question.
What happens to App Integrations when Super User who created them is disabled?
We have a number of App Integrations (client id/secret) that were manually created by a Super User who is leaving the company. It looks like the App Integrations are tied to their account, so I was wondering what happens to the App Integrations when their user account is disabled or deleted. Will the App Integration client id & secret that was previously generated by that user in Okta still work?
I also see this page (https://support.okta.com/help/s/article/Application-Functionality-Breaks-When-an-Admin-is-Deactivated?language=en_US), but it's not entirely clear in this case. I would appreciate any advice ASAP.
Hello @00uh6dmcz28Ed9Jwh0h1.5411819052912317E12 (Customer) Thank you for posting on our Community page!
The app integration brakes if the Admin account is used for API tokens or Provisioning. If it's just an application that has been created by the admin and the app has no tied API tokens generated by the admin account, the app will work without an issue.
OIDC applications have client ID/secret generated by the application and not a specific user, so they are not tied to a Admin account.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
The application uses client id/secret, but we also use the OAuth Password flow to get a session token. We also use the client id/secret for provisioning new accounts through the Okta API. I do see the admin's name pop up in the Okta System Log. Does that mean that the admin account is tied to the application?
Hello @00uh6dmcz28Ed9Jwh0h1.5411819052912317E12 (Customer) It would see that the API token was generated by the account and you will need to replace that with a new Token from a different account.