User is "waiting for a provisioning manager to confirm their account"

Luke13
Luke13
Community Member

Hi, we have deployed the scim bridge to provision our users via OKTA. Now everything seems to be working well, group pushing etc.. all looked well.

We added 2 new users from OKTA yesterday, and pushed to 1Pass, one of the user is all good, an invite is sent out to him.

However the other user is showing as "Pending Confirmation, Evelyn Lugiarto is waiting for a provisioning manager to confirm their account."

I tried to push the user again from OKTA, but the same problem still.

Can you please let me know how to fix it?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hello!

    You can confirm manually by visiting the user’s page in the admin console. That said, the provision watcher may not be running - I would recommend checking your SCIM Bridge logs to see if there's anything weird going on.

    Cheers!
    Amanda

  • Hi again!

    I just wanted to add - another way to check the health of your SCIM Bridge is to go to your SCIM Bridge URL and enter your bearer token, it should bring you to a status page which could reboot your provisioning watcher, if not will at least give you your logs to check out.

    Cheers!
    Amanda

  • Luke13
    Luke13
    Community Member

    Hi Amanda

    Thanks a lot for your quick reply!

    I have tried the following steps, but it's still not working, then I have turned off the "Provisioning users & groups", now doing it all manually for the time being:
    - I regenerated credentials and updated okta with the new bearer.
    - I checked the health of our SCIM Bridge, it's all green (Except the "Provision Watcher").
    - I then downloaded the logs from that page, I have pasted some log below, hope you can give me some directions from it.

    Thanks!

    [LOG] [1.6.2] 2021/03/09 21:50:13 (ERROR) re-authentication failed. will retry: Authentication: DB: 436: User is deleted.

    [LOG] [1.6.2] 2021/03/10 01:32:12 (INFO) GET /monitoring from 10.244.1.1:38604 - 200 (OK) in 93ms
    [LOG] [1.6.2] 2021/03/10 01:33:52 (ERROR) re-authentication failed. will retry: Authentication: DB: 403: Forbidden
    [LOG] [1.6.2] 2021/03/10 01:35:53 (ERROR) re-authentication failed. will retry: Authentication: DB: 403: Forbidden
    [LOG] [1.6.2] 2021/03/10 01:36:48 (ERROR) AuthWrap failed to check session, trying to generateNewSession: failed to touch session: failed to DoEncrypted: 401: Unauthorized
    [LOG] [1.6.2] 2021/03/10 01:36:48 (INFO) connected to Okta
    [LOG] [1.6.2] 2021/03/10 01:36:48 (INFO) session invalid, generating new session
    [LOG] [1.6.2] 2021/03/10 01:36:50 (INFO) GetGroupHandler found group atjx3azqlz5tjyr2ztuk7sg5ju

    [LOG] [1.6.2] 2021/03/10 01:36:55 (ERROR) PatchGroupHandler failed to PatchGroup: patchGroup failed to ApplyGroupMemberFieldOperations: applyGroupMemberOp failed to BuildGroupMembershipChangeReq: Couldn't patch group memberships.: 434: Application Error
    [LOG] [1.6.2] 2021/03/10 01:36:55 (INFO) PATCH /Groups/atjx3azqlz5tjyr2ztuk7sg5ju from 10.240.0.4:29887 - 500 (Internal Server Error) in 1920ms
    [LOG] [1.6.2] 2021/03/10 01:36:58 (ERROR) SessionAuthWrap could not validate session token

  • First off, I apologize for saying ignore the warning about the provision watcher - it was clearly giving accurate information, my bad! Second, I think this might require a call to sort out - can you please email support@1password.com and reference this post? We can setup a call from there.

    Cheers!
    Amanda

This discussion has been closed.