Group Push prerequisites

The following are the prerequisites for using Group Push:

  • You must enable provisioning in the target app. If it isn't enabled, you're prompted to enable it.
  • Any group members that you want to push to the target app must already be provisioned and assigned to the target app. Because the group is Okta-sourced, never make changes to it from the target app.

    This process is always Okta-sourced. Group Push helps push existing Okta groups and their memberships to provisioning-enabled third-party apps. You can't push a group name that exists in the target app unless the app supports Group Linking. For example, Google Workspace, Box, Jive, and Active Directory allow you to link their existing groups to Okta. See Manage Group Linking.

  • API access must be enabled in the target app.
  • Confirm that the relevant group members are already imported into Okta and provisioned for the target app.
  • To push groups to Active Directory, you must have permission to create groups in Active Directory. See Okta service account permissions.

Users who show as inactive in Okta aren't pushed to the downstream app. Reactivate inactive users and then repush the group. If the inactive user is part of more than one group, you must repush the user to all groups in which they're members.
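
A pre-flight check for the prerequisites above, as an added example that is not part of Okta's documentation or product. It flags group members who aren't assigned to the target app, flags inactive members, and lists every group that needs a repush once an inactive user is reactivated. The input shapes, the sample data, the function name, and the set of statuses treated as inactive are assumptions.

```python
# Added example: offline pre-flight check before a Group Push (not Okta code).
# Input shapes, sample data and the INACTIVE set are assumptions.
INACTIVE = {"SUSPENDED", "DEPROVISIONED"}  # assumed "inactive" statuses

# Constructed sample data: group memberships, user records, app assignments.
SAMPLE_GROUPS = {
    "Engineering": ["u1", "u2", "u3"],
    "VPN-Users": ["u2", "u3"],
    "Finance": ["u1"],
}
SAMPLE_USERS = {
    "u1": {"login": "alice@example.com", "status": "ACTIVE"},
    "u2": {"login": "bob@example.com", "status": "SUSPENDED"},
    "u3": {"login": "carol@example.com", "status": "ACTIVE"},
}
SAMPLE_APP_ASSIGNED = {"u1", "u2"}  # user ids assigned to the target app


def preflight(groups, users, app_assigned, inactive=INACTIVE):
    """Report members that keep a group from pushing completely."""
    unassigned, inactive_members, repush = {}, {}, {}
    for group, member_ids in groups.items():
        for uid in member_ids:
            login = users[uid]["login"]
            if uid not in app_assigned:
                # Member was never provisioned/assigned to the target app.
                unassigned.setdefault(group, []).append(login)
            if users[uid]["status"] in inactive:
                # Inactive members are skipped by the push.
                inactive_members.setdefault(group, []).append(login)
                # After reactivation, every group they belong to needs a repush.
                repush.setdefault(login, []).append(group)
    ready = sorted(g for g in groups
                   if g not in unassigned and g not in inactive_members)
    return {"unassigned": unassigned, "inactive": inactive_members,
            "repush_after_reactivation": repush, "ready": ready}


if __name__ == "__main__":
    for key, value in preflight(SAMPLE_GROUPS, SAMPLE_USERS,
                                SAMPLE_APP_ASSIGNED).items():
        print(f"{key}: {value}")
```
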
