Dominic Sanchez
7 minutes ago
I would like to add a feature request to the okta sync provisioner: to ignore app groups in the sync process: We unfortunately have app groups that are named exactly the same as the groups we wish to sync and are running into runtime exceptions with the provisioner because of it, even if MAT errors are ignored
6 replies

Chris Hyzer
6 minutes ago
im not sure i understand, sorry
1:02
are you troubleshooting with SCIM in postman? how does a SCIM app group look different from a regular group? if that is what we are talking about, im not familiar with types of groups in okta sorry

Dominic Sanchez
3 minutes ago
Okta has different group types. app_ group, built_in, and okta_group. If a okta group with type app_group and a group with okta_group are the same name, the provisioner throws a runtime exception. In JSON postman returns: "type": "APP_GROUP", but the groups that this provisioner handles is "type": "OKTA_GROUP". The app groups are used if an app is setup provisioning back to Okta. Could also be a rule group as well.

Chris Hyzer
1 minute ago
so are you saying grouper should filter for OKTA_GROUP and ignore all the others?

Dominic Sanchez
Just now
Correct

Chris Hyzer
Just now
and when grouper creates a group the type of group okta applies to it is OKTA_GROUP, right?