Disclaimer: an Okta user deletion is a permanent process that cannot be reversed. Use these scripts at your own risk. All scripts are provided AS IS without warranty of any kind. Okta disclaims all implied warranties including, without limitation, any implied warranties of fitness for a particular purpose. We highly recommend testing scripts in a preview environment if possible.
General Guidelines
Using the Sample Script
Though Okta recommends utilizing the Okta Admin console to perform individual user deletions, the Okta GUI currently does not facilitate deleting multiple users at once. However, our API can be leveraged to perform bulk user deletions in a variety of ways. In general, the recommended process is as follows:
- Create an API Token (please see our API Guide for details)
- Compile a CSV file consisting of users to be deleted
- Construct a script that performs a Delete User command for each of the users contained in the above CSV file
- Note that the API can be leveraged to deactivate and then delete the user within the same script, whereas the GUI can only delete a user that is in a deactivated state.
A developer can consult our API Reference Guide when constructing a script that best suits your organization's needs.
If you do not have a developer on staff, we have created a PowerShell script that will delete users (Deactivated or Activated) whose usernames are provided in a "user-list.csv" file. Please note that due to the wide variety of scenarios that can present a need to delete multiple users, this CSV file must be compiled by the customer. One very simple way to retrieve a CSV file of all Okta users is to download the Okta Password Health CSV that can be found in Reports > Okta Usage. This CSV file can then be trimmed accordingly (by deleting all rows consisting of Active users, for example).
To run the script:
- Download the GitHub Repository and extract the files to a folder of your choice (we recommend a short path such as C:\OktaScripts to simplify typing it in PowerShell)
- Add the full Okta usernames of the users you want to delete in the column named "login" inside user-list.csv. This column can contain either Active or Deactivated/Deprovisioned users.
- Open PowerShell and change the directory to the path where the above files were saved
- Run this command: .\delete-ps1 -orgurl "YourOktaTenantURL" -apikey "YourApiToken" -filepath "user-list.csv"
- Replace YourOktaTenantURL with your entire Okta URL, and YourApiToken with the API Token you've generated.
- user-list.csv can be replaced by the CSV file of your choice. The script requires that the CSV file has a "login" column that contains the username of each user that is to be deleted. Additional columns can exist in the CSV file and will be ignored by the script.
Reminder: an Okta user deletion is a permanent process that cannot be reversed. Use these scripts at your own risk. All scripts are provided AS IS without warranty of any kind. Okta disclaims all implied warranties including, without limitation, any implied warranties of fitness for a particular purpose. We highly recommend testing scripts in a preview environment if possible.
For auditing purposes, the script will create some or all of the following log files, depending on the status of the users deleted and whether the delete operation succeeded or failed. These files will be placed in a "Logs" subdirectory within the directory that contains the PowerShell script. Note that these files cannot be used to roll back changes performed by the script.
- deprov-users.csv: lists each user that was in a deactivated state upon script execution
- deprov-users-deleted.csv: lists each previously deactivated user that was successfully deleted by the script
- deprov-users-deletion-failed.csv: lists each previously deactivated user that was NOT successfully deleted by the script
- active-users.csv: lists each user that was in an active state upon script execution
- active-users-deprovisioned.csv: lists each active user that was successfully deactivated by the script
- active-users-deprovisioning-failed.csv: lists each active user that was NOT successfully deactivated by the script
- active-users-deprovisioned-deleted.csv: lists each active user that was deactivated and then successfully deleted by the script
- active-users-deprovisioned-deletion-failed.csv: lists each active user that was deactivated but NOT successfully deleted by the script
- not-found-users.csv: lists each user from the user-list.csv file that was not found as an active or deactivated Okta user
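Because a deletion cannot be rolled back, a read-only pre-flight check can be run against the CSV before the deletion script; the following is an added example, not part of Okta's script or repository. It looks up each login through the Okta Users API (GET requests only) and reports which of the log categories listed above it would fall into. The function name, the OKTA_API_TOKEN environment variable, the example.okta.com URL and the output file name are assumptions.

```powershell
# Added example: read-only pre-flight check. It issues GET requests only and deletes nothing.
# Function and parameter names are hypothetical; they are not taken from Okta's script.
function Get-OktaDeletionPreview {
    param(
        [Parameter(Mandatory)][string]$OrgUrl,     # full Okta tenant URL
        [Parameter(Mandatory)][string]$ApiToken,   # API token created in the Admin console
        [Parameter(Mandatory)][string]$FilePath    # CSV file with a "login" column
    )
    $rows = @(Import-Csv -Path $FilePath)
    if ($rows.Count -eq 0) { throw "No rows found in $FilePath" }
    if ($rows[0].PSObject.Properties.Name -notcontains 'login') {
        throw "CSV file must contain a 'login' column"
    }
    $headers = @{ Authorization = "SSWS $ApiToken"; Accept = 'application/json' }
    # Trim, drop blanks and de-duplicate so each user is looked up exactly once
    $logins = $rows | ForEach-Object { "$($_.login)".Trim() } | Where-Object { $_ } | Sort-Object -Unique
    foreach ($login in $logins) {
        $uri = '{0}/api/v1/users/{1}' -f $OrgUrl.TrimEnd('/'), [uri]::EscapeDataString($login)
        try {
            $user = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
            # Assumption: any status other than DEPROVISIONED is reported as "active"
            $bucket = if ($user.status -eq 'DEPROVISIONED') { 'deprov-users' } else { 'active-users' }
            [pscustomobject]@{ login = $login; id = $user.id; status = $user.status; bucket = $bucket }
        } catch {
            $code = $null
            if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode }
            if ($code -ne 404) { throw }   # stop on authentication, rate-limit or network errors
            [pscustomobject]@{ login = $login; id = $null; status = 'NOT_FOUND'; bucket = 'not-found-users' }
        }
    }
}

# Placeholder tenant URL; the token is read from a (hypothetical) environment variable
# so that it does not end up in the PowerShell command history.
$preview = Get-OktaDeletionPreview -OrgUrl 'https://example.okta.com' -ApiToken $env:OKTA_API_TOKEN -FilePath '.\user-list.csv'
$preview | Group-Object bucket | Select-Object Name, Count
$preview | Export-Csv -Path '.\preflight-preview.csv' -NoTypeInformation
```

Reviewing the per-category counts and the exported preview before the real run gives a record of each account's state that the script's own logs only produce after the deletion has happened.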