Troubleshooting Okta Sync Failure

Error: Could not connect to Okta.

Problem - This error occurs because the Okta account used to run the sync does not have access to the OAuth application created for Zilla.

Solution - Assign the OAuth application created for Zilla to the Okta account that the client uses to run the sync, and make sure that account is a Super Administrator in Okta.

Assigning Application to a User in Okta

  1. Log in to your Okta admin account.

  2. In the top right corner, click Avatar > Your Org.

  3. In the left sidebar, navigate to Applications.

  4. Navigate to the Assignments tab.

  5. Click on the OAuth app for which you want to assign a user.

  6. Click Assign, then Assign to People or Assign to Groups, based on your requirement.

  7. Search for the user to whom you want to assign the application and click Assign to the right.

  8. Click Save and Go Back.

  9. If you want to remove an assignment, on the Assignments tab click the “X” to the right of that assignment.

Error: HTTP Error Response: 401 Unauthorized with error response

Logs in Datadog for these kinds of errors:

{"error":"invalid_grant","error_description":"The refresh token is invalid or expired."}
{"errorCode":"E0000006","errorSummary":"You do not have permission to perform the requested action","errorLink":"E0000006","errorId":"oaejBPJmHL6SiivqVnBDbkqGQ","errorCauses":[]}
{"error":"unauthorized_client","error_description":"The client is not authorized to use the provided grant type. Configured grant types: [authorization_code]."}

This could be due to 2 possible reasons:

  1. Either the access token or the refresh token has expired. Reauthentication will fix this type of error.

  2. When the OAuth app was created, the refresh token type was set to Rotate token after every use. To solve this, set the type to Use persistent token so that the refresh token never expires.

  3. The user who is trying to sync Okta into Zilla does not have a Super Administrator role. To assign roles in Okta, refer to the Okta Support Doc.

Refer to the Okta Support Doc when creating the OAuth application.
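To triage these log entries in bulk, the following added example (not part of Zilla or Okta tooling) splits a log line that holds several JSON error bodies back to back and maps each one to a cause from the list above. The pairing of each error with a cause, the function names and the sample line are assumptions of this example.

```python
import json

# Error identifier -> likely cause from the list above.
# The pairing itself is this example's assumption, not an Okta or Zilla rule.
REMEDIATION = {
    "invalid_grant": "Token expired: reauthenticate, and check that the "
                     "OAuth app is set to Use persistent token.",
    "E0000006": "Syncing user lacks permission: assign the Super "
                "Administrator role.",
    "unauthorized_client": "Grant type not allowed for this client: review "
                           "the grant types configured on the OAuth app.",
}

def split_json_objects(line):
    """Yield every JSON object in a log line that may hold several
    objects back to back, skipping non-JSON text between them."""
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        start = line.find("{", pos)
        if start == -1:
            return
        try:
            obj, end = decoder.raw_decode(line, start)
        except json.JSONDecodeError:
            pos = start + 1          # stray brace, keep scanning
            continue
        yield obj
        pos = end

def triage(line):
    """Return (error key, advice) for each error body found in the line."""
    findings = []
    for obj in split_json_objects(line):
        # OAuth token errors carry "error"; Okta API errors carry "errorCode".
        key = obj.get("error") or obj.get("errorCode")
        if key:
            findings.append((key, REMEDIATION.get(key, "No known cause listed.")))
    return findings

# Constructed sample modelled on the three error bodies shown above.
SAMPLE = ('{"error":"invalid_grant","error_description":"The refresh token is invalid or expired."} '
          '{"errorCode":"E0000006","errorSummary":"You do not have permission to perform the requested action"} '
          '{"error":"unauthorized_client","error_description":"Configured grant types: [authorization_code]."}')

if __name__ == "__main__":
    for key, advice in triage(SAMPLE):
        print(f"{key}: {advice}")
```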


HTTP Error Response: 403 Forbidden

This error occurs because scopes are not correctly set.

Solution - Refer to Okta Support Docs for the scopes.


For this type of error, make sure the domain used for configuration is correct.

Solution - Refer to Okta Support Docs for the domain.


Okta - No permissions come in even with successful sync

Problem - The user who did the sync did not have permission to view Okta admin permissions.

Solution - Make sure the user who is trying to sync Okta into Zilla has the Super Administrator role. Refer to the Okta Support Docs to assign roles in Okta.