Source Okta: deprovisioned users not returning #8143

Closed
zbrak opened this issue Nov 19, 2021 · 2 comments · Fixed by #15001

Comments

@zbrak
Contributor

zbrak commented Nov 19, 2021

Tell us about the problem you're trying to solve

This request is in response to a constraint with the Okta connector - it’s quite mission critical as the current connector does not effectively allow us to account for user lifecycle.

Problem statement

  • The users stream hits the default ‘list users’ endpoint for Okta users unfiltered on the first run. This endpoint only returns users not in a "DEPROVISIONED" status when not filtered.
  • This corrupts the output, as de-provisioned users aren’t returned, and you will always overstate your active users in the dataset.
  • The "DEPROVISIONED" status users need to be returned within the stream in order to get a complete user picture out of Okta.
    This heavily devalues the use of this connector for seeing a full user lifecycle.

Describe the solution you’d like

The "DEPROVISIONED" status users can be returned through a filtered call - I’m not sure the best way this can be resolved, but I believe if the stream can be filtered initially - it would return all de-provisioned users along with it.

A couple ideas - not sure which one makes most sense:

  • The users stream makes a secondary call setting the filter to status eq "DEPROVISIONED"
  • An initial “Sync data from date” parameter is passed, facilitating an initial filter of: lastUpdated gt "yyyy-MM-dd'T'HH:mm:ss.SSSZ" (this may be most accessible to the existing stream)
  • A secondary users stream, called deprovisioned_users is copied from the initial with a fixed filter of status eq "DEPROVISIONED"

Thank you for your consideration. Again, this is extremely important to our being able to effectively account for user lifecycle out of the Okta tenant.
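The first idea in the issue above (a second list-users call with the `status eq "DEPROVISIONED"` filter), shown as an added example that is not code from the issue or from the connector. The tenant hostname is a placeholder, and `fake_list_users`, the sample users and the earlier snapshot are constructed to model the behaviour the issue reports.

```python
from urllib.parse import urlencode

BASE = "https://example.okta.invalid/api/v1/users"  # placeholder tenant (assumption)
DEPROVISIONED_FILTER = 'status eq "DEPROVISIONED"'  # filter expression quoted in the issue

# Constructed tenant state: u3 was ACTIVE at the previous sync, then offboarded.
TENANT = [
    {"id": "u1", "status": "ACTIVE"},
    {"id": "u2", "status": "SUSPENDED"},
    {"id": "u3", "status": "DEPROVISIONED"},
]

def users_url(filter_expr=None):
    """URL for one list-users call; filter_expr goes in the `filter` query parameter."""
    return BASE if filter_expr is None else BASE + "?" + urlencode({"filter": filter_expr})

def fake_list_users(filter_expr=None):
    """Offline stand-in for the API, modelling the behaviour the issue reports:
    the unfiltered call omits DEPROVISIONED users, the filtered call returns only them."""
    if filter_expr is None:
        return [u for u in TENANT if u["status"] != "DEPROVISIONED"]
    if filter_expr == DEPROVISIONED_FILTER:
        return [u for u in TENANT if u["status"] == "DEPROVISIONED"]
    raise ValueError("filter not modelled in this stub: " + filter_expr)

def sync(dataset, list_users, include_deprovisioned):
    """Upsert fetched users into dataset (id -> status) and return it."""
    filters = [None, DEPROVISIONED_FILTER] if include_deprovisioned else [None]
    for f in filters:
        for user in list_users(f):
            dataset[user["id"]] = user["status"]
    return dataset

def active_ids(dataset):
    """IDs the downstream dataset still reports as ACTIVE."""
    return sorted(uid for uid, status in dataset.items() if status == "ACTIVE")

if __name__ == "__main__":
    previous = {"u1": "ACTIVE", "u2": "ACTIVE", "u3": "ACTIVE"}  # constructed earlier snapshot
    print(users_url(DEPROVISIONED_FILTER))
    print("unfiltered only: ", active_ids(sync(dict(previous), fake_list_users, False)))
    print("with second call:", active_ids(sync(dict(previous), fake_list_users, True)))
```

With only the unfiltered call, the offboarded account `u3` never receives a status update and stays ACTIVE in the dataset, which is the overstated active-user count the issue describes.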

@zbrak zbrak added the type/enhancement New feature or request label Nov 19, 2021
@alafanechere alafanechere changed the title Okta source connector - deprovisioned users not returning Source Okta: deprovisioned users not returning Nov 30, 2021
@alafanechere alafanechere added area/connectors Connector related issues and removed needs-triage labels Nov 30, 2021
@bleonard bleonard added autoteam team/tse Technical Support Engineers labels Apr 26, 2022
@marcosmarxm marcosmarxm added team/extensibility and removed team/tse Technical Support Engineers labels Jun 14, 2022
@YiyangLi
Contributor

@zbrak do you still have the challenge? From my first impression, the 3rd solution would be easier to implement, which is to add a secondary stream called deprovisioned_users, where the schema is the same as users. Let me know.

@zbrak
Contributor Author

zbrak commented Jul 12, 2022 via email

@annalvova05 annalvova05 linked a pull request Jul 25, 2022 that will close this issue
14 tasks