How to Perform a Bulk Delete of Okta Users With API Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a000000bnl2sai&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fhow-to-perform-a-bulk-delete-of-okta-users-with-api
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
How to Perform a Bulk Delete of Okta Users With API
Published: Jul 18, 2017   -   Updated: Aug 8, 2017

Disclaimer: an Okta user deletion is a permanent process that cannot be reversed. Use these scripts at your own risk. All scripts are provided AS IS without warranty of any kind. Okta disclaims all implied warranties including, without limitation, any implied warranties of fitness for a particular purpose. We highly recommend testing scripts in a preview environment if possible.

General Guidelines
Using the Sample Script

General Guidelines


Though Okta recommends utilizing the Okta Admin console to perform individual user deletions, the Okta GUI currently does not facilitate deleting multiple users at once. However, our API can be leveraged to perform bulk user deletions in a variety of ways. In general, the recommended process is as follows:
  1. Create an API Token (please see our API Guide for details)
  2. Compile a CSV file consisting of users to be deleted
  3. Construct a script that performs a Delete User command for each of the users contained in the above CSV file
    • Note that the API can be leveraged to deactivate and then delete the user within the same script, whereas the GUI can only delete a user that is in a deactivated state.
A developer can consult our API Reference Guide when constructing a script that best suits your organization's needs.

Using the Sample Script


If you do not have a developer on staff, we have created a Powershell script that will delete users (Deactivated or Activated) whose usernames are provided in a "user-list.csv" file.  Please note that due to a wide variety of scenarios that can present a need to delete multiple users, this CSV file must be compiled by the customer. One very simple way to retrieve a CSV file of all Okta users is to download the Okta Password Health CSV that can be found in Reports > Okta Usage.  This CSV file can then be trimmed accordingly (by deleting all rows consisting of Active users, for example).

To run the script:
  1. Download the GitHub Repository and extract the files to a folder of your choice (we recommend a short path such as C:\OktaScripts to simplify typing it in Powershell)
  2. Add the full Okta usernames of the users you want to delete in the column named "login" inside users-list.csv.  This column can contain either Active or Deactivated/Deprovisioned users.
  3. Open PowerShell and change the directory to the path where the above files were saved
  4. Run this command: .\delete-ps1 –orgurl "YourOktaTenantURL" -apikey “YourApiToken” -filepath “user-list.csv".  

    • Replace YourOktaTenantURL with your entire Okta URL, and YourApiToken with the API Token you've generated.
    • user-list.csv can be replaced by the CSV file of your choice.  The script requires that the CSV file has a "login" column that contains the username of each user that is to be deleted.  Additional columns can exist in the CSV file and will be ignored by the script.

For auditing purposes, the script will create some or all of following log files in the directory that contains the Powershell script, depending on the status of users deleted and whether the delete operation succeeded or failed.  These files will be placed in a "Logs" subdirectory within the same directory that contains the Powershell script.  Note that these files cannot be used to roll back changes performed by the script.
  • ​deprov-users.csv: lists each user that was in a deactivated state upon script execution
  • ​deprov-users-deleted.csv: lists each previously deactivated user that was successfully deleted by the script
  • deprov-users-deletion-failed.csv: lists each previously deactivated user that was NOT successfully deleted by the script
  • active-users.csv: lists each user that was in an active state upon script execution
  • active-users-deprovisioned.csv: lists each active user that was successfully deactivated by the script
  • active-users-deprovisioning-failed.csv: lists each active user that was NOT successfully deactivated by the script
  • active-users-deprovisioned-deleted.csv: lists each active user that was deactivated and then successfully deleted by the script
  • active-users-deprovisioned-deletion-failed.csv: lists each active user that was deactivated but NOT successfully deleted by the script
  • not-found-users.csv: lists each user from user-list.csv file that was not found as an active or deactivated Okta user

Reminder: an Okta user deletion is a permanent process that cannot be reversed. Use these scripts at your own risk. All scripts are provided AS IS without warranty of any kind. Okta disclaims all implied warranties including, without limitation, any implied warranties of fitness for a particular purpose. We highly recommend testing scripts in a preview environment if possible.

Post a Comment