<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta Workflow "Remove User from group" Card Causes "403 Forbidden" Error
Jan 12, 2026
Workflows
Okta Classic Engine
Okta Identity Engine
Overview
When running the Okta workflow card Remove User from group to remove a user from the associated Okta groups, the flow fails with the error:

403 Forbidden
You do not have permission to perform the requested action.

 
Applies To
  • Okta Workflows
Cause

This error is thrown when the Workflow attempts to remove a user from a built_in or Application group. The Remove User from group card can only remove users from Okta groups.

Solution

Add conditional logic to ensure that the group type is OKTA_GROUP

For example, adding a Continue If card to confirm group type can be used as shown in the following screenshot:

 Group Type Check  

 

Recommended content

Still looking for help?
Loading
Okta Workflow "Remove User from group" Card Causes "403 Forbidden" Error