Okta push groups are used to manage groups and memberships in downstream applications. This article addresses an issue where group memberships cannot be revoked or managed for users who are no longer assigned to the application in Okta or are deactivated in the downstream application.

• Group Push
• Application User Management

The default behavior for Group Push only targets active application user profiles.

The following manual workarounds are available:

• Manually add or remove the user from the group directly within the downstream application.
• Add or remove the application user from the Okta group before deactivating the user.
• Temporarily reactivate the application user before performing the Group Push operation.

If manual workarounds are not feasible, please contact support to enable a feature flag that modifies the default behavior to allow group pushes to occur for application user profiles marked as inactive.