User Statuses in the Okta Admin Console
Mar 20, 2026
Administration
Okta Classic Engine
Okta Identity Engine
All Engines
Overview
The various user statuses that can be viewed in the Okta Password Health Report are described in this article. These statuses can also be seen in the Okta Admin Console on the People page and on each user's Profile page.
Applies To
- Reporting
- User Management
- Okta Classic Engine
- Okta Identity Engine (OIE)
Solution
What do the different user statuses mean?
The Okta Password Health Report contains multiple user statuses. Review the following table or watch the video for an explanation of each status:
| API Status |
Admin Console Label | Cause |
|---|---|---|
| Staged | Staged | Accounts have a staged status when they're first created, before the activation flow is initiated, or if there's a pending admin action. |
| Provisioned | Pending user action | Accounts have a provisioned status, but the user hasn't provided verification by clicking through the activation email or provided a password. |
| Active | Active | Accounts have an active status when:
|
| Recovery | Password reset | Accounts have a recovery status when an admin requests a password reset. |
| Password Expired | Password expired | Accounts have a password-expired status when the password has expired, and the account requires an update to the password before a user is granted access to apps. |
| Locked out | Locked out | Accounts have a locked-out status when the user exceeds the number of login attempts defined in the login policy. |
| Suspended | Suspended | Accounts have a suspended status when an admin explicitly suspends them. The user can't access apps, the Admin Console, or the Okta End-User Dashboard. App assignments are unaffected, and the user profile can be updated. |
| Deprovisioned | Deactivated | Accounts have a deprovisioned status when an admin explicitly deactivates or deprovisions them. All app assignments are removed, and the password is permanently deleted. |
