Provisioning-enabled app limits
The following limits apply to all provisioning-enabled app instances. See Apps with entitlement support.
-
If entitlements are pulled into Okta using the built-in functionality of the provisioning-enabled apps, admins can't change the descriptions of those individual entitlements. The downstream app has exclusive control of the entitlement variables and their values. You can still add descriptions to entitlement bundles.
-
Some provisioning-enabled apps have mandatory configurations or entitlements that are required to create a user in the downstream system. If no bundle or policy assigned to a user includes a required entitlement, then attempting to provision that user to the downstream app fails. No user is created in the downstream system. In such cases, admins can assign the required entitlements and launch a reprovisioning job to try again.
Google Workspace
-
Entitlement Management can only be enabled for Google Workspace app instances created after the Entitlement Management Early Access features have been enabled for your org.
-
Entitlement Management isn't supported for existing Google Workspace app instances, regardless of provisioning state.
-
Roles have a limit of 500 assignments, regardless of the total number of roles. See How role assignment limits work.
Microsoft Office 365
Enabling or disabling Entitlement Management doesn't affect the available provisioning options. All four options remain available: Licenses/Role Management Only, Profile Sync, User Sync, and Universal Sync.