What is Provisioned status in Okta API?

Question

I have been playing around with user lifecycle events against the Okta REST APIs.

I'm confused about the various Okta user statuses, specifically STAGED, ACTIVE, and PROVISIONED. I have seen this diagram:

but it does not fit what I am experiencing.

When I run "create user", as in this example, and I pass in "activate=false" I get a user in STAGED status. If I pass in "activate=true" I get a user in ACTIVE status.

Once the user is created, I am running these REST calls:

Something I am doing puts my user into PROVISIONED status and I can't figure out what that is. Is it creating an "active" user, then updating? Or creating a "staged" user and then updating, or creating an "active" user and then resetting password and waiting an amount of time before they log in? As you can imagine, many permutations here.

What REST call combination puts a newly created Okta user into PROVISIONED status? Is PROVISIONED status like ACTIVE status where the user is "good to go" and can authenticate? Or PROVISIONED more like STAGED where I need to "activate" my user?

Let me know if my answer helps. I'm happy to edit it if you need more info. Cheers! — Nate Barbettini, Jun 29 '17 at 19:24

score 6 · Accepted Answer · answered Jun 29 '17 at 19:24

Is PROVISIONED status like ACTIVE status where the user is "good to go" and can authenticate? Or PROVISIONED more like STAGED where I need to "activate" my user?

PROVISIONED is almost like ACTIVE, except the user doesn't have any credentials yet and can't log in.

Here's a simple example:

Create a user (but with no password)

POST {{url}}/api/v1/users?activate=false
{
  "profile": {
    "firstName": "Test",
    "lastName": "Testerman",
    "email": "tester@example.com",
    "login": "tester@example.com"
  }
}

Activate!

POST {{url}}/api/v1/users/00ub09deolJQUhKPm0h7/lifecycle/activate?sendEmail=false

This results in a user with "status": "PROVISIONED".

What might be happening in your case is that the password reset operation is making it look like the user doesn't have a password, so when you do the activate operation, you get PROVISIONED.

Your explanation of provisioned status is helpful. I still can't figure out what is getting my users into PROVISIONED. — nettie, Jun 29 '17 at 20:32
@nettie I suspect it's the password reset request. If you want to post the exact API calls you're making, I can look into it further. — Nate Barbettini, Jun 30 '17 at 17:39

score 0 · Answer 2 · answered Jun 10 '19 at 16:01

0

The reason the user status is in the Provisioned state is because you didn't specify user password during creation. If you specify the password then user will be Active vs Provisioned.

answered Jun 10 '19 at 16:01

Felix Friedman

41
5

I don't think it does though. In this particular case user is set to provisioned because the password wasn't specified during creation. it has nothing to do with password reset request. – Felix Friedman Jun 11 '19 at 02:26

What is Provisioned status in Okta API?

2 Answers2