This article will explain why some Okta groups have the message below displayed and cannot be modified via the Okta Admin Console:
The group's membership cannot be modified because the group is managed automatically by Okta
- Okta Admin Console
- User Lifecycle Management
- Okta group cannot be modified in Admin Console
This message indicates that the group is an app-imported group that was imported from an external application or directory integration source, with the Import Group or Refresh App Groups feature supported. In this case, the group membership/details can only be managed via an external group source.
To verify from which application the group is imported, please check the Okta System Event Log by using the following search query:
eventType eq "app.user_management" and target.displayName eq "{SPECIFY_APP_GROUP_NAME_HERE}"Since an app-imported group or group membership cannot be removed manually from the Okta Admin Console:
- If it is necessary to delete one specific app-imported group, please follow the steps mentioned in How to Delete an Unwanted Group via API Using Postman.
- If it is necessary to remove all previously imported app groups in bulk from a specific app, please follow How to Remove Groups that Were Imported from an Application into Okta.
