<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Bulk Remove Users from Group Rule Exceptions via API
Mar 19, 2025
Lifecycle Management
Okta Classic Engine
Okta Identity Engine
Overview

A recommended way to remove users from group rule exceptions via API is to use Postman, the Okta Groups API.

NOTE: 

  • Admins can only update rules with status='INACTIVE'.
  • Postman should be used at one's own risk. All included steps are provided as is without warranty of any kind. Okta disclaims all implied warranties, including, without limitation, any implied warranties of fitness for a particular purpose. Okta strongly recommends testing Postman with a small set of group rules before running the call for a large batch of group rules. 
Applies To
  • Okta Groups API
  • Postman
  • Group Rules
Solution

Prerequisites: 


For the removal of all users from a group rule's exception list, Admins can leverage the following API endpoint:  

PUT /api/v1/groups/rules/${ruleId}

 

In the request body, similar to what is shown in the screenshot below (includes the request and response), please include the following appropriate details, as needed. An example of the request body sent can be found below: 

curl -v -X PUT \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
  "type": "group_rule",
  "id": "0pr3f7zMZZHPgUoWO0g4",
  "status": "INACTIVE",
  "name": "Engineering group rule",
  "conditions": {
    "people": {
      "users": {
        "exclude": []
      },
      "groups": {
        "exclude": []
      }
    },
    "expression": {
      "value": "user.role==\"Engineer\"",
      "type": "urn:okta:expression:1.0"
    }
  },
  "actions": {
    "assignUserToGroups": {
      "groupIds": [
        "00gjitX9HqABSoqTB0g3"
      ]
    }
  }
}'

 

A screenshot of the PUT request, with the appropriate endpoint and the response (bottom half of screenshot): 
PUT request 


Once admins run the API call, the UI will reflect the users that have been removed from the group rule exception list. 

exception list 


Related References

 
 

Recommended content

Still looking for help?
Loading
Bulk Remove Users from Group Rule Exceptions via API