<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Revoking Trust Certificate Using API
Jan 16, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Overview

The goal of this knowledge article is to clarify if there exists an Okta API to Revoke Trust Certificate for users.

Applies To
  • Okta Certificate Authority
  • Revoke Trust Certificate
  • Okta Classic Engine
Cause

Revoke a user's Device Trust certificate(s) from the Okta Certificate Authority if their computer is lost or stolen or if their account is deactivated. If a user's Device Trust certificate has been revoked and their computer needs to be secured again, the revoked certificate must be removed from their computer before enrolling a new certificate.

Solution

Currently, there is no API to perform this functionality; therefore, the UI alternative will have to be used as follows: 

  1. Navigate to the Admin Console.
  2. Go to Directory > People
  3. Click a user name in the Person & Username column.
  4. Click More Actions and select Revoke Trust Certificate.
  5. Click Revoke Trust Certificate.

 

Related References

 

Recommended content

Still looking for help?
Loading
Revoking Trust Certificate Using API