This guide explains how to remove a user from the exclusion list of a group membership rule using the Okta API. Postman is the API platform that will be used in the examples provided.
NOTE: Postman is a third-party tool. Okta is not responsible for any changes to the application, and Support cannot troubleshoot issues with it.
- Groups
- Group Rules
- Okta API
A user is automatically added to the group membership exclusion list when the following criteria are met:
- The user was assigned to the group using a group membership rule.
- The user is manually removed from the group.
When a user is removed from a group that was assigned using a group rule, Okta System (System Principal) will add the user to the group rule exclusion list with the message:
User added to exclusion list for group rule.
The user can also be manually added to or removed from the exclusion list through the User Interface (UI). Please see How to Remove a User From a Group Rule Exclusion List for more information.
Where display limitations prevent all users from being shown, please follow the solution steps below.
For the best security, set up Postman to authenticate with OAuth/OIDC by following How to Integrate Postman with Okta.
Use the Okta API Groups Collection.
Log in to Admin Console > Directory > Groups > Rules, identify the rule to update, and note its name.
In Postman:
- Run GET List rules with search:
<<url>>/api/v1/groups/rules?search=<<ruleNameKeyword>>
replacing the ruleNameKeyword parameter with the rule name.
- From the response body of the previous call, note the Rule ID. This will be used in the following steps.
- Run POST Deactivate rule:
<<url>>/api/v1/groups/rules/<<id>>/lifecycle/deactivate
Replace <<id>> with the rule ID collected in the previous step.
- Run PUT Update rule using the basic condition:
<<url>>/api/v1/groups/rules/<<id>>
replacing <<id>> with the target rule ID.
Build the request body with the required details along with any other rule conditions; these can be reviewed in the response body of the initial GET call.
Under users, in the exclude: [] parameter, identify the user ID(s) to be removed or added and update accordingly. Then run the call.
- Run POST Activate rule:
<<url>>/api/v1/groups/rules/<<id>>/lifecycle/activate
replacing <<id>> with the rule ID in question.
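The PUT body in the steps above can be derived from the GET response instead of edited by hand, which keeps the other excluded users and the rule conditions intact. The following Python sketch is an added example, not Okta's code: it only plans the three calls and sends nothing. The sample rule, its IDs, the field layout around users.exclude, and the choice of fields sent in the PUT body are assumptions to check against the Okta Groups API reference.

```python
import copy

# Constructed sample of one rule from the GET List rules response.
# Field layout is an assumption based on the Okta Groups API rule object; IDs are made up.
SAMPLE_RULE = {
    "type": "group_rule",
    "id": "0prEXAMPLERULE000001",
    "status": "ACTIVE",
    "name": "Engineering group rule",
    "created": "2024-01-01T00:00:00.000Z",
    "lastUpdated": "2024-01-02T00:00:00.000Z",
    "conditions": {
        "people": {"users": {"exclude": ["00uEXAMPLEUSER00001", "00uEXAMPLEUSER00002"]},
                   "groups": {"exclude": []}},
        "expression": {"value": 'user.department=="Engineering"',
                       "type": "urn:okta:expression:1.0"},
    },
    "actions": {"assignUserToGroups": {"groupIds": ["00gEXAMPLEGROUP0001"]}},
}

def build_update_body(rule, remove_user_ids):
    """Copy the fetched rule and drop the given user IDs from users.exclude."""
    remove = set(remove_user_ids)
    # Keep the rule definition; leave out the created/lastUpdated timestamps.
    body = {k: copy.deepcopy(rule[k]) for k in ("type", "id", "name", "conditions", "actions")}
    body["status"] = "INACTIVE"  # assumption: the rule is inactive when the PUT is sent
    users = body["conditions"].setdefault("people", {}).setdefault("users", {})
    current = users.get("exclude") or []
    missing = remove - set(current)
    if missing:
        # Fail instead of sending a no-op update for a mistyped or wrong user ID.
        raise ValueError(f"not on exclusion list: {sorted(missing)}")
    users["exclude"] = [uid for uid in current if uid not in remove]
    return body

def plan_requests(rule, remove_user_ids):
    """Return the ordered (method, path, body) calls from the steps above."""
    body = build_update_body(rule, remove_user_ids)  # validate before deactivating
    base = f"/api/v1/groups/rules/{rule['id']}"
    return [
        ("POST", f"{base}/lifecycle/deactivate", None),
        ("PUT", base, body),
        ("POST", f"{base}/lifecycle/activate", None),
    ]

if __name__ == "__main__":
    for method, path, body in plan_requests(SAMPLE_RULE, ["00uEXAMPLEUSER00001"]):
        print(method, path, body or "")
```

Validating the user ID before the deactivate call means a wrong ID stops the run while the rule is still active, rather than leaving it deactivated partway through.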
Related References
- How to Remove a User from a Group Rule Exclusion List
- How to Integrate Postman with Okta
- Okta Groups API
- Why You Should Migrate to OAuth 2.0 From Static API Tokens
- Implement OAuth for Okta
- Import a Postman Collection
- OAuth 2.0 Scopes
- Implement the Authorization Code with PKCE flow
- Okta API Error Codes and Descriptions
- Test the Okta REST APIs using Postman
- Postman Collections
- Using CSV and JSON Data Files in the Postman Collection Runner
- Core Okta API
