Troubleshoot Okta Lifecycle Management provisioning
This is where you'll find information to help you troubleshoot provisioning issues for new and existing SSO-enabled applications.
To view errors that occurred during the provisioning process, select Dashboard > Tasks on the Okta Admin Console.
Provisioning has failed. From the Dashboard > Tasks page in Okta, the following error is displayed: "Automatic provisioning of user John Doe to app Salesforce.com failed: The credentials used to connect to the API were invalid; please check your configuration".
This could be due to the third-party admin account reaching a password expiration, or the password was changed and not updated in Okta. It could even be that the third-party admin accounts username was changed or the account has been disabled.
Check that the third-party application admin account used to set up the provisioning function within Okta is still valid and can be used to log into the third-party application directly. If the account works, make sure to re-enter the account info into the Integration section of the Provisioning tab for your application in Okta. If the account does not log in, use another admin account (if applicable) to log into the third-party application and check on the admin account in question. Fix any issues found with that account (password reset, username changed, account expired) and then re-enter the updated information in the Provisioning configuration.
Provisioning has failed. From the "Tasks" page (Dashboard > Tasks) in Okta, the following error is displayed: “Automatic provisioning of user John Doe to app Salesforce.com failed: Matching user not found.”
This can happen with a very simple mistake where you enable the provisioning feature by setting up the Integration and saving it. But then forget to turn on the create, update, and deactivate users options. This error message lets you know that create users option is not on, as the error message is stating that it was unable to find a user in the salesforce application that matches this user, therefore it could not assign the application. If the Create user option is turned on, it would create a new user in Salesforce once it found no matching user existed, and assignment would succeed.
Ensure that in the Provisioning tab of your application, for the To App setting, you click Edit and enable Create Users, Update User Attributes, and Deactivate Users options.
Provisioning has failed. From the "Tasks" page (Dashboard > Tasks) in Okta, the following error is displayed: “Automatic provisioning of user John Doe to app Salesforce.com failed: License Limit Exceeded.”
This issue occurs when a user is assigned to an application and a role or licensing level has been granted that we have either run out of or do not possess.
Ensure that sufficient licensing exists prior to user assignment. If you do run into this issue, procure the required licensing and simply click Retry Selected on the "Tasks" page once the licensing issue has been fixed.