We have integrated Okta in IdentityNow using OOTB Okta connector which is working fine in all the scenarios.
The below scenario where I don’t see any error in SailPoint but it is not working as expected:
Removal of roles(example - ORG_ADMIN, SUPER_ADMIN, HELP_DESK_ADMIN) of Okta using access certifications. Provisioning activities shows the plan and the removal of these roles as committed. But on Okta, the role is not being removed from the user.
PS: The access certification or revocation of general okta groups is working as expected and it is removed on target Okta. Only issue I see is with the roles of Okta.
Hey Archana,
This should work as I can see it’s working for internal org(Not my org though but for connector team’s org). Can you enable ccg debug logs and see what api calls are being made and what’s the response when removing roles in certification.
The logger class would be same class which you see when you make single source get call. You can see the class in json object when you get single source using v3 api.
Thanks Chirag for confirmining. We were able to remove READ_ONLY_ADMIN directly. The problem we face is with SUPER_ADMIN and ORG_ADMIN roles. All the ccg logs and the provisioning activities says it is committed on IDN end.
Can you confirm if you were able to remove ORG_ADMIN and SUPER_ADMIN roles from your Okta org?
@chirag_patel - We are facing similar issue, we have added roles in account schema and created new group schema for roles. The okta source entitlement aggrgation failing with following error.