Cloud Identity Engine Okta Directory unable to connect with error "Sync failed due to some internal error"

Created On 08/30/21 03:13 AM - Last Modified 10/26/22 02:48 AM


Symptom


  • A new Okta directory sync is set up with the Cloud Identity Engine (CIE).
  • The sync fails with the error "Sync failed due to some internal error".
DRS sync error


Environment


  • Cloud Identity Engine with Okta directory setup


Cause


  • This is a configuration issue where the Okta app in CIE is unable to connect to the Okta directory.
  • Review the configuration parameters in order to fix or debug the problem.
  • The user trying to add the directory is not an admin or read-only admin and can't grant CIE the scopes it needs.
  • The app is not properly configured on the Okta side. Contact Okta support to identify whether additional errors are observed on the vendor side, and what they are.
  • The information provided on the CIE hub page is flawed: the client-id or secret might be wrong.
  • The issue was identified by the Okta team with the refresh_token.


Resolution


At this point, a custom app needs to be configured on the Okta side instead of the default integration app.
This resolves the issues on the Okta side, and the Cloud Identity Engine can then connect to Okta and sync users/groups as expected.


Additional Information


For more details on configuration caveats for the Okta directory in CIE, see the following documentation.

Configure Okta as an IdP in the Cloud Identity Engine


