Issue
I am trying to provision users with the Sentry role of Owner, but it is not working.
Applies To
- Customers using Okta SCIM for user provisioning in Sentry.
Resolution
As mentioned in our Okta SCIM Provisioning documentation, the Owner role cannot be provisioned via SCIM. This is a security measure to prevent a scenario where organization owners could be automatically removed or modified through identity provider changes.
To manage deprovisioning of accounts, you can follow the flow below:
- SCIM only supports provisioning up to the following roles: Admin, Manager, Billing, and Member.
- Attempts to provision a user with the Owner role via SCIM will result in a 400 error.
- If you'd like someone to be an Owner, you should:
  - Provision them via SCIM as a Member.
  - Then manually assign the Owner role to their account within Sentry.
If you want to create a group in Okta for Owners, you can do so by ensuring the group has no sentryOrgRole attribute defined. This allows you to group Owner accounts without SCIM overriding their role.