Provisioning-enabled app limits

The following limits apply to all provisioning-enabled app instances of Box, Google Workspace, Microsoft Office 365, NetSuite, and Salesforce:

  • If entitlements are pulled into Okta using the built-in functionality of the provisioning-enabled apps, admins can't change the descriptions of those individual entitlements. The downstream app has exclusive control of the entitlement variables and their values. You can still add descriptions to entitlement bundles.

  • Some provisioning-enabled apps have mandatory configurations or entitlements that are required to create a user in the downstream system. If no bundle or policy assigned to a user includes a required entitlement, then attempting to provision that user to the downstream app fails. No user is created in the downstream system. In such cases, admins can assign the required entitlements and launch a reprovisioning job to try again.

Google Workspace

  • Entitlement Management can only be enabled for Google Workspace app instances created after the Entitlement Management Early Access features have been enabled for your org.

  • Entitlement Management isn't supported for existing Google Workspace app instances, regardless of provisioning state.

  • Roles have a limit of 500 assignments, regardless of the total number of roles. See How role assignment limits work.

Microsoft Office 365

  • Entitlement Management can't be used for Microsoft Office 365 app instances that use either the User Sync or Universal Sync provisioning options.

  • When you enable Entitlement Management for a Microsoft Office 365 app instance, only the Licenses/Role Management Only and Profile Sync options are available. The User Sync and Universal Sync options are neither shown nor available on the Provisioning to App page.

Related topics

Google Workspace requirements

NetSuite requirements

Salesforce requirements