The Okta and Workspace ONE Access SCIM integration currently has the following known issues.

Known Issue: When you push groups from Okta to Workspace ONE using the Push now command, you might get an error.
Push now.

Solution: Click the Retry All Groups button.


Known Issue: When you delete a user in Okta, the user is deactivated in Workspace ONE Access. However, if you recreate the user with the same attributes in Okta again, instead of a new user being created in Workspace ONE Access the old user is updated.

Solution: If you delete a user from Okta, also delete the user from Workspace ONE Access using the SCIM API and from Workspace ONE UEM using the administration console.

To delete the user in Workspace ONE Access, use the following API:

DELETE /SAAS/jersey/manager/api/scim/Users/userID
Host: WorkspaceONEAccessTenantFQDN
Authorization: Bearer token

WorkspaceONEAccessTenantFQDN is your Workspace ONE Access tenant's fully qualified domain name, such as, and userID is the user ID that you want to delete.

For example:


Known Issue: User groups created from Okta are associated with the System domain in Workspace ONE Access instead of the actual domain and are not associated with the directory that you created for Okta.

Solution: First, create the group with the correct domain name in Workspace ONE Access manually using the SCIM API, then link the group to the VMware Workspace ONE application in the Okta Admin console.

For detailed information, see the blog post Fixing Group Issues with Okta SCIM for VMware Cloud Services Customers.