To maintain consistent group membership between Okta and Opti ID, use separate groups for assigning and pushing to Opti ID.
Okta does not recommend using the same group for assignments and group push because it may result in race condition issues. See Okta's documentation:
Before completing this setup, you must first create a SCIM provisioning app in Okta.
Create assignment and push groups in Okta
Go to Directory > Groups and create two groups:
- Test SCIM Assign Group – For group assignment. Use to organize users in Okta.
- Test SCIM Push Group – For group push. Use to sync groups to Opti ID Admin Center.
Configure the Assign Group
- In the Okta SCIM app, go to Assignments > Assign > Assign to Groups.
- Find Test SCIM Assign Group and click Assign.
- Assign users to the group. This syncs the users to the Opti ID Admin Center, if they do not already exist, without any group assignments.
Configure the Push Group
- In the Okta SCIM app, go to Push Groups > Push Groups > Find groups by name.
- Find Test SCIM Push Group and select one of the following options:
- Create Group – Create a group in the Opti ID Admin Center.
-
Link Group – Link to an existing group in the Opti ID Admin Center.
- Assign a user that is in the Test SCIM Assign Group to the Test SCIM Push Group.
- This user is now assigned to the Test SCIM Push Group in the Opti ID Admin Center.
Article is closed for comments.