Overview
This article addresses an error that occurs when configuring an Okta Workforce connection with Inbound System for Cross-domain Identity Management (SCIM). While new users sync correctly, attempting to sync existing users on the connection fails with the following error:
Resource already exists
Applies To
- Okta Workforce Inbound SCIM
Cause
The default SCIM settings are optimized for new connection deployments, not for connections with pre-existing users. The error occurs because the SCIM userName attribute is not mapped to a unique, searchable user identifier, such as email, in Auth0. This prevents the system from locating existing users during the sync process
Solution
To resolve this issue, the SCIM userName attribute must be mapped to a unique, searchable identifier that corresponds to the existing users. The default settings are detailed in the Inbound SCIM for Okta Workforce connections documentation
- In the Auth0 dashboard, navigate to the Provisioning tab of the Okta Workforce connection
- Update the mapping for the SCIM attribute containing the user ID attribute to a unique and searchable user identifier. In most cases, mapping this to
emailresolves the issue
- Select Save to apply the changes.