In certain scenarios, a group rule may hit the limit of users allowed in the exception list (100 users). Once the limit is reached, an admin must manually remove the users from that list.

• Group Rules
• Lifecycle Management

If Admins manually remove a rule-managed user from a group, that user is automatically added to the group rule exception list. The group rule exception list for specific group rules can be viewed under the "Except The following users" for that rule.

To remove a user from the exception list, Admins will need to:

1. Deactivate the group rule (existing rule-managed users will still retain their membership in the group).

2. Edit the group rule. 

3. Remove the desired users from the Except The following users section of the group rule.

4. Reactivate the group rule.

NOTE: If there is a significant number of users in the group rule exception list and these need to be cleared, this can be done with the Okta API. Steps on how to do this are available in Bulk Remove Users from Group Rule Exceptions via API.

Related References

• Is there a limit to the number of users that can be added to the exception list in a group rule?
• Bulk Remove Users from Group Rule Exception via API