The Okta and Workspace ONE Access SCIM integration currently has the following known issues.
Solution: Click the Retry All Groups button.
Known Issue: When you delete a user in Okta, the user is deactivated in Workspace ONE Access. However, if you recreate the user with the same attributes in Okta again, instead of a new user being created in Workspace ONE Access the old user is updated.
Solution: If you delete a user from Okta, also delete the user from Workspace ONE Access using the SCIM API and from Workspace ONE UEM using the administration console.
To delete the user in Workspace ONE Access, use the following API:
DELETE /SAAS/jersey/manager/api/scim/Users/userID Host: WorkspaceONEAccessTenantFQDN Authorization: Bearer token
WorkspaceONEAccessTenantFQDN is your Workspace ONE Access tenant's fully qualified domain name, such as example.vmwareidentity.com, and userID is the user ID that you want to delete.
Known Issue: User groups created from Okta are associated with the System domain in Workspace ONE Access instead of the actual domain and are not associated with the directory that you created for Okta.
Solution: First, create the group with the correct domain name in Workspace ONE Access manually using the SCIM API, then link the group to the VMware Workspace ONE application in the Okta Admin console.
For detailed information, see the blog post Fixing Group Issues with Okta SCIM for VMware Cloud Services Customers.