So we have a process, SPN, that syncs DB changes to AD.
We also have multiple environments (dev 1, dev 2, QA, etc.) which we switch between over the full dev lifecycle.
If a user is arrived on center in one environment and not in the other, then each time SPN is run
on the other environment, the user gets its state changed (added or deleted).
This screws up Okta, and the users can't log in until you do the following:
Log into the Okta domain on OktaPreview and click the Admin button to go to the admin panel.
On the left nav menu: Directory > Directory Integrations
In the center pane select: Active Directory for student.jcd*v.org
(A new page will load)
In the center pane again select: Import, Clear unconfirmed users, and then Import Now
In the popup you can do Incremental (takes a short period of time, <10 min) or Full Import (takes a little longer).
Incremental adds and disables accounts
Full Import adds and deletes accounts (*do this to fix; incremental is inconsistent)