This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Provisioning Okta - create, update, add access

Community_User
Saviynt Employee
Saviynt Employee

‎04-12-2022 01:21 PM

Originally posted on February 7 2022 at 14:03 UTC

Good afternoon,


Our team and I are currently testing Okta's provisioning thanks to the Okta REST connector.


However, most of the functionalities does not work and we are not sure if this is because of the implementation or because of bugs.


  1. When requesting a new account for an application from the ARS for yourself or other, associated task is created. But when running the WSRETRYJOB, no any Okta account is created for the user, only in Saviynt an account is created related to the user and the associated security system and endpoint.
  2. The only way we figured out to provision a user into Okta is by assigning from Admin UI a user to a role that is linked to Okta's endpoint. This way, two tasks are created. One for creating the Okta account, the second one to add access to the associated role. When running WSRETRYJOB, the account is well provisioned into Okta but the job fails to execute the add access and so the user is not added to the related group in Okta.
  3. When updating a user, the task is created. When running WSRETRYJOB &/or Run Detective Rules and Take Action job jobs, the update fails.

Useful informations :
  • Our Saviynt's version is : v2021.0
  • We do you use a Autoapprove workflow to ease the process will implementing)
  • From the logs, we cannot find anything useful, except that Okta API PUT calls are send :
{"log":"2022-02-03 13:50:39,841 [quartzScheduler_Worker-2] DEBUG rest.RestProvisioningService - params.memento.addAccessJSON : [call:[[name:OktaGroup, connection:acctAuth, url:https://dev-95997492.okta.com/api/v1/groups/${entitlementValue.entitlementID}/users/${account.accoun..., httpMethod:PUT, httpHeaders:[Authorization:${access_token}, Accept:application/json], httpContentType:application/json, successResponses:[statusCode:[200, 204]]]]]\n","stream":"stdout","time":"2022-02-03T13:50:39.841230652Z"}


Is there anyone that has been able to make work Okta's provisioning connector accurately ? If yes, with which Saviynt's version ?
Best regards,
Nicolas

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
2 REPLIES 2

Community_User
Saviynt Employee
Saviynt Employee

‎04-12-2022 03:05 PM

Originally posted on February 24 2022 at 16:34 UTC

Hi Nicolas,


Thank you for reaching out to us, 


Please use  {"showLogs": true} in the configjson setting to get more logs so this error could be better understood and we could help you out.


You can find this config setting under Admin -> Identity Repository -> Connection -> "YourConnection" -> ConfigJson



Regards, 

Belwyn.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Community_User
Saviynt Employee
Saviynt Employee

‎04-12-2022 03:05 PM

Originally posted on March 10 2022 at 14:18 UTC

Hi Nicolas Loriot, 


Could you please give us an update on this topic, where you able to fix this issue?


Thanks & Regards, 

Belwyn.


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
Copyright © 2023 Khoros, LLC