Skip to main content
Integrations

SSO SCIM Error Messages

Affected: Single sign-on, Okta

Overview

Reference this document when experiencing issues when signing on through SSO and you see SCIM assertion consumer errors.

Topics

Occurs during setup or provisioning?

  • Errors during setup: These errors occur upon initial configuration of SCIM.

  • Errors during provisioning: These errors occur when provisioning users through SCIM.

SCIM Errors

Full error message

 *Occurs during setup or provisioning Reason for error Steps to resolve

Multiple users found by userName. Expected 0 or 1 results but was 2

 Provisioning

The team members were stuck in a deactivated members collection in our database.

 Contact Technical Support to have the deactivated members fully removed.

 

Error (400) invalid_request: New Users must be provisioned through SCIM.  Please ask your administrator to provision your account.

 Provisioning

The team members username in Okta is incorrect.

Or 

The team members role in Okta is not defined on their assignment.

Ensure the username and email in Okta are the same.

Or

Ensure the role in Okta is defined. If the role is not defined, it will treat it as an update to an existing member instead of creating a new member.

Okta Specific Errors

Full error message

 *Occurs during setup or provisioning Reason for error Steps to resolve

You already have a SCIM client connected to your account. You must disable it before adding another.

 Setup

Occurs when you disable SSO on the LaunchDarkly side while SCIM is enabled on the Okta side and then try to re-enable SSO on the LaunchDarkly side while SCIM is still enabled on the Okta side.

 Okta prevents the SSO connection until you disable SCIM on Okta. You'll need to log into Okta and disable the SCIM connection on the Okta side. Then you will be able to enable SSO on the LaunchDarkly side.

Error while updating group membership for group {GROUP_NAME}: Internal Server Error. Error reported by remote server: internal error.

 Provisioning Occurs when you try to push an Okta group while SCIM is enabled, and it fails to patch the group and assign a member to the group. Contact Technical Support to troubleshoot further.

Automatic provisioning of user {NAME} to app LaunchDarkly failed: Matching user not found.

 Setup or Provisioning Occurs when Okta cannot find an existing user within LaunchDarkly to update.

If this is a new LaunchDarkly user, enable the Create Users settings under the Provisioning tab of the app within Okta.

If this is an existing user, ensure the username attributes match the member's email on the LaunchDarkly side, and enable the Update User Attributes under the Provisioning tab for the app within Okta.

Automatic provisioning of user {NAME} to app LaunchDarkly failed: Error while trying to push profile update for {EMAIL}: Internal Server Error. Errors reported by remote server: error updating account

 Provisioning Occurs when SCIM was implemented after the member is already provisioned in LaunchDarkly. This results in the member not fully syncing between Okta and LaunchDarkly.

In Okta, unassign/reassign the affected member from the LaunchDarkly app while SCIM is enabled.

Resources

Related articles

Contact Support
Get in touch with us, so we can answer your specific questions directly.
Submit a ticket
contact support icon
Contact Support Get in touch with us, so we can answer your specific questions directly
call to action arrow
documentation icon
Documentation Explore our documentation on feature flagging, experimentation & more
call to action arrow
submit support tickets icon
Your Support Tickets Check the status of all the support tickets you've filed
call to action arrow

READ

Blog

Learn the latest in feature management and our platform.

WATCH

Webinars

Register to watch live and on-demand content today.

LEARN

Documentation

Get technical and learn how to start using feature flags.