Script to delete user Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmgzqaq&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Nidhin C KNidhin C K 

Script to delete user

Hi Experts,

Is there any powershell script to delete the deactivated users from okta org?
or
Is it possible for Okta engineer to delete the deactivated users on behalf of us if we raise a ticket. We are going Live in next week and we have lots of deactivated users in Okta org and we would like to cleanup those users.

 
James FloresJames Flores (Okta, Inc.)
Hi  Nidhin,

It sounds like the Delete User API call will resolve this for you, http://developer.okta.com/docs/api/resources/users.html#delete-user. You can set this up in Postman and give it a test before writing a program to do it for a larger user base. CAUTION  This action cannot be recovered!

For more information on setting up Postman please visit http://developer.okta.com/docs/api/getting_started/api_test_client.html
Nicole DotyNicole Doty
FYI, I cobbled together a powershells script that we run on a schedule to keep our deactivated users tidy.  I am by no means elegant at scripting, but it works.

# this script uses the Okta module (https://github.com/mbegan/Okta-PSModule)  to get a list of deprovisioned accounts that havent had a status changed in X days and outputs it to a CSV.
# It then users the Okta.Core.Automation module (https://github.com/okta/okta-sdk-dotnet/tree/legacy/Okta.Core.Automation) to delete said accounts from Okta
# not elegant, but functional until there are better powershell tools out there
# Last modified 7/6/17 - Nikki D

#Set the Variables
$TerminatedAccountWhen = ((Get-Date).AddDays(-45)). date
$logfile = "C:\Scripts-IDM\Results\Oktadeactivateduserstargetedfordelete_$((Get-Date).ToString('MM-dd-yyyy_hh-mm-ss')).txt"
$recoveryfile = "c:\scripts-idm\results\oktadeactivate.csv"
$workfile = "c:\scripts-idm\results\workfile.csv"
$path = "C:\Scripts-IDM\Results"
$limit = (Get-Date).AddDays(-95). date

# creating a transcript for auditing
$ErrorActionPreference="SilentlyContinue"
Stop-Transcript | out-null
$ErrorActionPreference = "Continue"
Start-Transcript -path $logfile

#Generating the list with Okta module
$env:PSModulePath
import-module Okta
oktaListDeprovisionedUsers -oOrg prev | where {$_.statusChanged -lt $terminatedaccountwhen} | export-csv -path $recoveryfile -notypeinformation
oktaListDeprovisionedUsers -oOrg prev | where {$_.statusChanged -lt $terminatedaccountwhen} | Select id | export-csv -path $workfile -notypeinformation

#executing delete with core.automation
Import-Module Okta.Core.Automation
Connect-Okta -Token "XXXXXXXXX" -FullDomain "https://yourorg.oktapreview.com"
Import-csv $workfile | % {
Delete-OktaUser $_.id
}

Stop-Transcript

#Clean up old CSVs
Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime  -lt $limit } | Remove-Item -Force