[Okta] Provisioning activities show "succeed", but nothing happened in Okta itself

Hello IDN Devs community,

Disclaimer:
I’m creating my very first topic after hours of trying to find an answer by myself. I hope I can find someone who can help.

I don’t usually post in forums like this (e.g. Stack Overflow, Reddit, etc) because newbies are usually trolled by experts with little patience and I’m very new in this community, so please be kind with your answers.

Now, my problem:
We want to provision Okta groups assignment (via Role standard criteria and via Request Center). It worked for a while, but we just realized that nothing has been provisioned since July 26th.

I’m checking with our professional services partners to know if they disabled something on their side (they haven’t responded and I’m afraid it’ll take until next week), but I also tried to resolve this myself.

I reviewed all options in the UI and checked the source profile via the Visual Studio IDN plugin and I can’t find a single clue on what’s missing. I have to admit I’m new to IDN and I’m probably missing something, so I would really appreciate some guidance here.

Thanks in advance for your time and support!

Elisa.

Welcome to the community Elisa… Sorry I don’t have a solution to your problem, but I can guarantee you trolling, or even being slightly rude, does not happen in this community

Hi Elisa!

Firstly, welcome to the SailPoint Developer Community! It’s actually fantastic to have new members like you who are eager to learn and solve problems. There’s absolutely no need to worry about being a newbie here; we all started somewhere, and our community thrives on the shared goal of learning and helping each other out. So, you’re in good company!

I’m sure the right expert, or Developer Community Ambassador, will come along soon enough (though maybe after the weekend!) to help out!

P.S. I see you’ve joined our Ambassador in Training program—before you know it, you’ll be the expert here helping others who find themselves where you are now!

EDIT: Look at that, one of our experts, our very own @iamnithesh showing exactly what I was talking about!

Thanks Nitesh, I appreciate the reassurance this is a safe space to ask my questions. See you around!

Thanks @colin_mckibben for the warm welcome. I’ve been following all your posts with a lot of attention as we’re just starting our journey with SailPoint and everything seems exciting and with a lot of potential to grow the multiple solutions we have in mind to improve our IDAM ecosystem.

I took all the self-paced Essentials courses which were a great onboarding for working in the UI and building our foundations, and I’m following the self-paced version of the “Advanced Configurations” course. However, I’m now reaching to a point that I need to work the APIs to get some stuff done, and I’m just getting familiar with the IDN plugin for VSCode which seems very helpful, but sometimes the need for an answer to a specific problem takes hours of research and trial and error, until I finally get my “aha” moment and grow from there.

So, as a newbie, sometimes I’m missing some more comprehensive logs in the UI that would help me to troubleshoot why my changes weren’t as smooth as they should have but maybe it’s just a matter of getting familiar with both the UI and the different options I can get from the API.

In particular, with my “provisioning problem”, I get “success” for Provisioning Activities adding/removing groups and creating accounts in Okta, but nothing has been reflected in Okta itself since July 26th (checked the logs associated to the service account that connects with SailPoint).

I confirmed the API token issued from Okta is still active and the aggregation is still retrieving changes to user profiles and group memberships (i.e. the connection is still “reading” from the source) and the Okta service account still has the permissions to create accounts and assign entitlements, so my suspicions is something changed in SailPoint setup that prevents provisioning, and I’d like to know how to revert that to make it work again.

As I mentioned in my post above, I reviewed the source config in the UI and I didn’t find anything that prevents provisioning from there, the Virtual Appliances are healthy, and my guess is that something was disabled behind the scenes via the APIs (maybe a Provisioning Policy is missing?).

Can anyone point me to any articles/examples on Provisioning Policies and or any other provisioning configurations available for Okta?

That would be very helpful to understand how I can fine tune our setup without breaking anything I shouldn’t touch.

Thank you!!

Hi @eabedrapo1
Welcome to SailPoint Developer Community and wishes for your journey to explore this amazing product.

Please refer the below documentation which can be helpful

https://documentation.sailpoint.com/connectors/okta/help/integrating_okta/introduction.html

Thanks @rajeshs, I’ll check it out.
In the meanwhile, do you know if provisioning can be halted/disabled via APIs and still showing like “happening” in the UI?

UPDATE:
Hi @rajeshs, thanks for sharing the article in your answer above. I’ll wait until tomorrow to Enable Connector Logging, as I need to work with my colleague who has access to the server that hosts the VA to get access to the logs. We will see what we can find.

Despite I still don’t know if that will lead me to the answer I’m looking for, I’m marking your suggestion as the “solution” to this thread. I’ll share the results of my research in another post during the week. Thank you!

An update for the community, in case someone gets the same problem in the future.

Turns out that the problem was the ServiceNow connector that was sucking all provisioning actions. When they happened, the fire and forget event opened an auto-closable ticket in ServiceNow (which is our requirement), but it didn’t allow to continue any provisioning down to Okta. So, in SailPoint’s logs and in ServiceNow the provisioning looked like “successful”, but nothing was actually happening in Okta.

Once we removed Okta from the sources connected to the Service Desk connector, all provisioning operations started to happen again.

Thanks all for the answers trying to help here.

I’ll see you around in this forum!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.