Okta push group erroring with 1password SCIM

davidoh_qz
davidoh_qz
Community Member

We are unable to push the group from Okta to 1password for a few groups. Please see below for the log from our kubs scim log:

[LOG] [1.3.0] 2020/07/14 16:56:43 (ERROR) PatchGroupHandler failed to PatchGroup: patchGroup failed to ApplyGroupMemberFieldOperations: applyGroupMembe rOp failed to BuildGroupMembershipChangeReq: unable to PATCH Group Memberships: 434:

any help would be appreciated.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @davidoh_qz,

    That error is not verbose enough to tell you what is going wrong. We are working on making that more clear.

    There are a couple possible problems here:
    - You are attempting to add a Guest type user to a second vault. Guests only are able to be added to a single vault (https://support.1password.com/guests-teams/#share-a-vault-with-a-guest)
    - One of the users in the group are in the process of finalising their provisioning process (Pending Provision). This is a blocker until the user's provisioning is completed by the SCIM Bridge. The finalisation process runs once every five minutes. You are also able to approve the pending user manually if you want to speed that up. The reason for this is that the user's encryption keys are in a transition state between their invited state and fully active state, and so cannot be amended to add another group's private key.
    - You have hit the PATCH group bug we resolved in version 1.3.1, where a failure can occur when operating on a previously removed user. (https://app-updates.agilebits.com/product_history/SCIM#v103011)

    If the first two cases do not sound applicable, try updating to v1.4.3 and try again.

    We can help you more precisely if you write into our support team with full logs and account information, as then we can compare against our internal logs.

    Graham

This discussion has been closed.