group rules not being applied to all users Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Tom ShueeTom Shuee 

group rules not being applied to all users

I have a All Users group and this the rule states if a users has  then add to this group. The user is in AD correctley. and the user is in OKTA but not being added to the group which has apps assigned to it. Right now i have manually added the apps for him. but wondering why he and a few others are not getting added like everyone else.
   User was deactivated at one point but has since been reactivated. I don't want to open a ticket if I don't have to for what I'm hooping is something simple that I'm over looking

Thanks All!
Theo ChimbgaTheo Chimbga
Hi Tom,
It would seem that however improbable, the affected users are not satisfying the rule criteria. To check this, verify that the user’s attribute does indeed contain the substring. You do this by selecting Directory | People on the Admin menu, searching for the affected user, opening their properties and clicking on the Profile tab. The reason you might want to do this is that just because the AD user has the correct value does not mean that value is flowing into the Universal Directory user account. That could be due to an attribute mapping on the AD agent not working properly. Also check that there is no other user having the same attribute value, in case the attribute in question is one like primary email which does not allow duplicates.
Another check you can perform is to preview the affected user. Since you cannot edit the rule without making it inactive, you can go through the steps of creating another similar rule but not save it. In other words, select Directory | Groups, and click on the Rules tab then click Add Rule. Name it Test, set the same IF and THEN conditions as the existing rule then down at the bottom in the “Enter an Okta user to preview this rule” field search for the user. If you get a result “User doesn’t match rule” then there is a problem with the attribute value. If you get result “User matches rule”, there is something else going on. Click Cancel to discard the test rule.
Hope this helps