Automatic Device Deactivation and Deletion in Okta
Okta Identity Engine
Okta Verify
Overview

This article explains the behavior of device deactivation and deletion in the Okta Identity Engine (OIE). It addresses inquiries regarding why some devices without associated users remain in the organization while others are removed.

Applies To
  • Okta Identity Engine (OIE)
  • Device Management
  • Okta Workflows
  • Application Programming Interface (API)
Solution

Okta does not automatically delete devices. If devices are being deleted, this action is typically performed by configured Okta Workflows.

To manage and verify device status, perform the following steps:

  1. If a device was deactivated but still appears as active in the Okta Admin Console, verify that the ID of the deactivated device matches the ID of the device intended for deactivation.
  2. To identify devices with no associated users, use the Okta Devices API with the expand=userSummary parameter.
  3. Review the API response for any entries where _embedded.users is null.

To identify devices without users, an API request can be made to retrieve a list of devices with their associated user summaries.

Example API Request

Use the following GET request to retrieve devices and their associated user information:

GET https://<okta-domain>/api/v1/devices?expand=userSummary

Example API Response (Devices with No Users)

In the response body, locate the _embedded object for each device.

If the device has no associated users, the users attribute within _embedded will be null or an empty list:

{
    "id": "<device id>",
    "status": "ACTIVE",
    "profile": {
        "displayName": "Work-Laptop-01",
        "platform": "WINDOWS"
    },
    "_embedded": {
        "users": null
    }
}
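
The check described above can be scripted. The following is an added example, not Okta's own code: it classifies a parsed response from the request above by the _embedded.users attribute. The sample data, the placeholder IDs, the abbreviated user entry and the function names are constructed for illustration. It assumes that a device whose response entry lacks _embedded.users entirely (for example because expand=userSummary was omitted) should be reported as undetermined and not as having no users.

```python
import json

# Constructed sample of a parsed GET /api/v1/devices?expand=userSummary response.
# Device IDs and names are placeholders; the user entry is abbreviated.
SAMPLE_RESPONSE = json.loads("""
[
  {"id": "<device id 1>", "status": "ACTIVE",
   "profile": {"displayName": "Work-Laptop-01", "platform": "WINDOWS"},
   "_embedded": {"users": null}},
  {"id": "<device id 2>", "status": "DEACTIVATED",
   "profile": {"displayName": "Work-Laptop-02", "platform": "MACOS"},
   "_embedded": {"users": []}},
  {"id": "<device id 3>", "status": "ACTIVE",
   "profile": {"displayName": "Work-Phone-03", "platform": "IOS"},
   "_embedded": {"users": [{"user": {"id": "<user id>"}}]}},
  {"id": "<device id 4>", "status": "ACTIVE",
   "profile": {"displayName": "Work-Laptop-04", "platform": "WINDOWS"}}
]
""")


def classify_devices(devices):
    """Split devices into those with no users, with users, and undetermined."""
    result = {"no_users": [], "has_users": [], "unknown": []}
    for device in devices:
        embedded = device.get("_embedded")
        if not isinstance(embedded, dict) or "users" not in embedded:
            # Assumption: without the expanded users attribute we cannot tell,
            # so the device is reported separately instead of as user-less.
            result["unknown"].append(device)
        elif not embedded["users"]:  # null or an empty list
            result["no_users"].append(device)
        else:
            result["has_users"].append(device)
    return result


def report(devices):
    """Return (id, displayName, status) for each device with no users."""
    return [(d["id"], d.get("profile", {}).get("displayName"), d.get("status"))
            for d in classify_devices(devices)["no_users"]]


if __name__ == "__main__":
    for row in report(SAMPLE_RESPONSE):
        print(*row, sep="\t")
```

Including the status column lets the output be compared against the device ID and state shown in the Okta Admin Console, as in step 1.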