What happens when an identity provider (IDP) such as Azure or Okta cannot connect to a SCIM server for a time? Examples of this:

  • Syncing is "disabled" or "paused" for a time, then re-enabled (is "pausing" an option?)
  • Token in use is invalid, so a new one is generated and used in the IDP
  • Integration is removed from the IDP and added again (new setup)

Will all the users/groups need to be synced/checked against the application? Will the IDP only sync what happened in the interim? My assumption is that everything will need to be synced if it is a brand new setup, but I'm not sure what will happen if there is just a lapse in syncing.

KJ0797

1 Answer

If the connection consistency fails due to a number of reasons mentioned by you, then the provisioning job pushes the application into a Quarantine state with the error messages below:

  • EncounteredQuarantineException
  • EncounteredEscrowProportionThreshold
  • QuarantineOnDemand

At token expiration, the admin will generate a new token, which will allow provisioning to restart and evaluate again all the users in the source system that are in scope of provisioning.

ShwetaM
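
What a restarted cycle that re-evaluates every in-scope user means for the application's SCIM endpoint, as an added example that is not part of the original answer: the server has to accept users it already holds without duplicating them and still pick up changes made during the lapse. `ScimUserStore` and `full_cycle` are hypothetical names, the store is an in-memory stand-in, and the lookup-then-create-or-update flow is an assumed simplification of how an IDP client drives the endpoint.

```python
import uuid

class ScimUserStore:
    """In-memory stand-in for the application's SCIM /Users endpoint (hypothetical)."""

    def __init__(self):
        self.users = {}  # id -> user resource

    def find_by_username(self, user_name):
        # GET /Users?filter=userName eq "..." returns a ListResponse (RFC 7644, 3.4.2).
        # userName is compared case-insensitively, as RFC 7643 defines it.
        hits = [u for u in self.users.values()
                if u["userName"].lower() == user_name.lower()]
        return {"totalResults": len(hits), "Resources": hits}

    def create(self, user_name, active=True):
        # POST /Users: a duplicate userName gets 409 "uniqueness", never a second record.
        if self.find_by_username(user_name)["totalResults"]:
            return 409, {"scimType": "uniqueness"}
        user = {"id": str(uuid.uuid4()), "userName": user_name, "active": active}
        self.users[user["id"]] = user
        return 201, user

    def patch_active(self, user_id, active):
        # PATCH /Users/{id} replacing "active"; re-sending the same value is a no-op.
        if user_id not in self.users:
            return 404, None
        self.users[user_id]["active"] = active
        return 200, self.users[user_id]


def full_cycle(store, in_scope):
    """One full evaluation: each in-scope user is looked up, then created or updated."""
    statuses = []
    for user_name, active in in_scope:
        found = store.find_by_username(user_name)
        if found["totalResults"] == 0:
            status, _ = store.create(user_name, active)
        else:
            status, _ = store.patch_active(found["Resources"][0]["id"], active)
        statuses.append(status)
    return statuses


# Constructed sample data: while sync was down, bob was disabled and carol was added.
store = ScimUserStore()
before = [("alice@example.com", True), ("bob@example.com", True)]
after = [("alice@example.com", True), ("bob@example.com", False), ("carol@example.com", True)]
first = full_cycle(store, before)   # initial sync
second = full_cycle(store, after)   # restart after the lapse: everything is re-evaluated
```
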