<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5KZ00001RxfCN0AZOkta Classic EngineIntegrationsAnswered2025-11-05T19:04:13.000Z2025-10-02T13:30:07.000Z2025-11-05T19:04:12.000Z

ShaileshN.87371 (Customer) asked a question.

October 2, 2025 at 1:30 PM
Okta Group Push shows “No match found” unless Import Groups is enabled (Databricks SCIM). Is this expected?

Context

 

 

Steps to reproduce

  • In the Okta Databricks app → Provisioning:
  • API creds working; Provisioning to App (Create/Update/Deactivate) is enabled.
  • Import Groups = OFF under Provisioning → Integration.
  • Go to Push Groups → By name, select an Okta group, choose Link Group, then Find existing App Group and search for the Databricks group.
  • Observed: The search returns “No match found.”
  • Workaround: Turn Import Groups = ON and click Refresh App Groups. Now Find existing App Group shows the Databricks groups and linking works.
  • If we turn Import Groups back OFF afterwards, the already linked groups keep working—but we hit the same “No match found” problem when trying to link new groups later.

 

 

What I expected

  •  Group Linking to be able to discover app-side groups (for linking) without keeping Import Groups turned on permanently.

 

 

 

Questions

 

  • Is it required (by design) to enable Import Groups—even temporarily—for Group Linking to “see” app groups for the Databricks SCIM app?
  • Should Refresh App Groups populate the app-group list for linking when Import Groups is OFF? (If yes, any known issues or permissions that could block this?)
  • For the Databricks SCIM integration specifically, does Group Linking rely on app-group import/sync? Any known limitations?
  • Is there a way to link by exact name or app group ID without importing app groups?
  • Any best practices to prevent duplicate groups on the Databricks side when using Push/Link?

 

  • 4 answers
  • 196 views

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @ShaileshN.87371 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    The behaviour you reported is expected. As part of the Push Group functionality Okta needs to have a list of pre-existing groups present in the downstream app. 

    You can suggest a change as a Feature Enhancement Request on the Okta Community page by going to the Community Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented. 

    More details here.

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

    Just released: More Okta Community badges just added

    Expand Post

  • ShaileshN.87371 (Customer)

    @Mihai Negoita - Okta (Okta, Inc.)​ Thanks for confirming.

    One follow-up:

    Enabling Import Groups does let Group Push/Link see the Databricks groups, but it also creates app-sourced groups in Okta, which we don’t want to keep in our directory.

    Is there a supported way to link Okta groups to existing Databricks groups without permanently importing app groups? For example:

    • Can Refresh App Groups populate the list for linking while Import Groups = Off?
    • If the only supported path is to enable Import Groups temporarily, can you confirm it’s safe to:
      1. enable Import Groups, refresh, perform the Link Group actions,
      2. then disable Import Groups again, and
      3. delete the imported app-sourced group objects from Okta to keep the directory clean — without breaking the links or deleting the actual groups in Databricks?

    If there’s no way to avoid persisting app-sourced groups, is there an API or exact-name/ID method to link directly, so we can skip the import step? Any best practices here to prevent duplicates on the Databricks side are also appreciated.

    Expand Post

  • BrandonB.06003 (Customer)

    A lot of OIN SCIM apps require you to import app groups unfortunately especially if you want to map an okta group of a different name to an app group of another name. you may be able to try to just push the group with the same name and see if it links. I know that is how it works with AD push groups

This question is closed.
Loading
Okta Group Push shows “No match found” unless Import Groups is enabled (Databricks SCIM). Is this expected?