<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Deactivate All Users with Specific UPN Suffix
Apr 25, 2025
Administration
Okta Identity Engine
Overview
The goal of this document is to explain how to deactivate all users with a specific UPN suffix using group rules.
Applies To
  • Administration
  • Group Rules
  • Deactivation
Cause
 
Solution
1. Navigate to the Admin Console.
2. Navigate to Directory > Groups.

Groups

3. Click on the Add group.

 

4. For group name, enter something like <UPN_SUFFIX> users * Replace <UPN_SUFFIX> with the UPN Suffix.

Add group

5. Click Save.
6. Click the Rules tab.
7. Click Add Rule.
 
Groups

8. For rule Name, enter something like Add <UPN_SUFFIX> users to group * Replace <UPN_SUFFIX> with the UPN Suffix.

Add Rule

9. For IF, select the Use Okta Expression Language (advanced) radio button.
10. Enter the following EL: String.substringAfter(user.login, "@")=="<UPN_SUFFIX>" *Replace <UPN_SUFFIX> with the UPN Suffix.
Okta Expression Language
11. For the Assign To field, enter the name of the group created in Step 4:  <UPN_SUFFIX> users.
12. If desired to exclude any users from being added to the group, add them to the field EXCEPT The following users. * NOTE: Enter an Okta user to preview this rule and click Preview to verify the rule functions correctly.
13. Click Save.

<UPN_SUFFIX> users

14. Next to the newly created rule, click Actions Activate.

Groups

15. Now, there will be a group called <UPN_SUFFIX> users. Verify the users in the group by navigating to Directory Groups and clicking on the group.

Groups

16. To deactivate all users in the <UPN_SUFFIX> user group, navigate to Directory People.
People
17. Click More actions Deactivate.
People

18. To the right of the Search by person field, click the drop-down menu to change it from Search by person to Search by group.

Deactivate people

19. In the search field, enter the group name created in step 4: <UPN_SUFFIX> users.
20. Verify all users shown are the users with the UPN Suffix that need to be deactivated.
21. Select all users by clicking the checkbox to the left of Person & Username.
22. Scroll down and click Deactivate Selected to deactivate all users in the group.

Deactivate people

23. Click Deactivate to confirm deactivation.

Deactivate person


Related References


 

Recommended content

Still looking for help?
Loading
How to Deactivate All Users with Specific UPN Suffix