We are currently experiencing a weird issue. We have Jive SSO set up with Okta, and user provisioning for Jive is turned on in Okta. I follow the steps below to recreate the issue:
1) I log in to the Jive admin portal and confirm that the test account does not exist.
2) I create a brand new test account in Active Directory with permissions to use Jive.
3) Once AD replication with Okta completes, the new user shows up in Okta with the ability to use Jive.
4) I check the Jive admin portal and see that the test account now shows up.
5) I log in to Okta using the test account and attempt to use Jive.
6) I get the following SSO error listed below (replaced my test account below with email@example.com).
- Verifying received AuthnContext org.opensaml.saml2.core.impl.AuthnContextImpl@38a07822 against requested null
- User firstname.lastname@example.org not found in external identity table
- There was an error during SAML authentication
com.jivesoftware.community.aaa.sso.SSOAuthenticationException: Email already exists. This exception indicates a user marshalling error
7) If I go ahead and delete the test account from Jive and then relaunch the Jive app in Okta, it works and I see that Okta has recreated the account in Jive.
I figure it has to do with the user information missing from the external identity table, because when I delete the account in step 7 and Okta recreates it, the user is no longer missing from the external identity table. I have the same issue when trying to federate a non-federated account.
How can we go about resolving this issue?