When Just In Time (JIT) Provisioning is enabled on a directory integration that is configured to reactivate suspended users, Okta automatically unsuspends users who are still active in the directory source when an admin views their profile. Disabling the Reactivate suspended Okta users setting prevents this behavior.
An admin views a suspended Active Directory (AD) or Lightweight Directory Access Protocol (LDAP)-sourced user's profile, and Okta automatically unsuspends the user without any deliberate reactivation action.
- Okta Classic Engine
- Okta Identity Engine (OIE)
- Active Directory (AD)
- LDAP
- Directory Integrations
- Just In Time (JIT) Provisioning
- Suspended users
When an admin views a suspended user's profile that is sourced from a directory integration with JIT Provisioning enabled, Okta triggers a Real-Time Sync event. This event imports the user's profile from the directory source. If the user's profile remains active in the directory source and the directory is configured to reactivate suspended Okta users, Okta automatically reactivates the user's profile.
How is the automatic reactivation of suspended users prevented?
Disabling the Reactivate suspended Okta users setting prevents Okta from automatically reactivating suspended users during a Real-Time Sync event.
Follow these steps to disable the setting:
- Go to Directory > Directory Integrations and select the affected AD or LDAP instance.
- Select the Provisioning tab, select To Okta, and navigate to Profile & Lifecycle Sourcing.
- Click Edit, then clear the When a user is reactivated in the app: Reactivate suspended Okta users checkbox.
NOTE: If the When a user is deactivated in the app option is set to Suspend, Okta cannot activate users who were deactivated in the application unless Reactivate suspended Okta users is enabled. If the org is configured to suspend users who are deactivated in the app, keep the When a user is reactivated in the app: Reactivate suspended Okta users option enabled, and ensure that directory-sourced users are not suspended only in Okta. Instead, deactivate users in the app so that Okta can reactivate them when their directory profile is activated.
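One way to audit for the behavior described above, as an added example that is not Okta's code: it scans exported System Log events for `user.lifecycle.unsuspend` entries whose actor is not on an approved admin list and pairs each with the suspension it reversed. The sample events and every id in them are constructed, and how an org's log attributes a sync-driven unsuspension is an assumption, so the check relies only on the actor being absent from the approved list.

```python
from datetime import datetime

SUSPEND, UNSUSPEND = "user.lifecycle.suspend", "user.lifecycle.unsuspend"

def _ts(event):
    # System Log timestamps are ISO 8601 UTC with a trailing "Z".
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))

def unexpected_unsuspends(events, approved_actor_ids):
    """Flag unsuspend events whose actor is not an approved admin, paired with
    the suspend they reversed when that suspend is in the supplied window."""
    last_suspend, findings = {}, []
    for ev in sorted(events, key=_ts):
        for tgt in ev.get("target", []):
            if tgt.get("type") != "User":
                continue
            uid = tgt["id"]
            if ev["eventType"] == SUSPEND:
                last_suspend[uid] = ev
            elif ev["eventType"] == UNSUSPEND:
                prior = last_suspend.pop(uid, None)
                if ev["actor"]["id"] in approved_actor_ids:
                    continue  # deliberate reactivation by a known admin
                findings.append({
                    "user": tgt.get("alternateId", uid),
                    "unsuspended_at": ev["published"],
                    "unsuspended_by": ev["actor"]["id"],
                    "suspended_by": prior["actor"]["id"] if prior else None,
                    "minutes_suspended": (_ts(ev) - _ts(prior)).total_seconds() / 60 if prior else None,
                })
    return findings

def _ev(kind, when, actor_id, uid, login):
    return {"eventType": kind, "published": when, "actor": {"id": actor_id},
            "target": [{"id": uid, "type": "User", "alternateId": login}]}

# Constructed sample events (subset of System Log fields); every id is a placeholder.
SAMPLE_EVENTS = [
    _ev(SUSPEND, "2024-05-01T09:00:00.000Z", "00uADMIN1", "00uUSERA", "a.user@example.com"),
    _ev(UNSUSPEND, "2024-05-01T09:42:00.000Z", "sync-actor-placeholder", "00uUSERA", "a.user@example.com"),
    _ev(SUSPEND, "2024-05-01T10:00:00.000Z", "00uADMIN1", "00uUSERB", "b.user@example.com"),
    _ev(UNSUSPEND, "2024-05-01T11:00:00.000Z", "00uADMIN2", "00uUSERB", "b.user@example.com"),
    _ev(UNSUSPEND, "2024-05-01T12:15:00.000Z", "sync-actor-placeholder", "00uUSERC", "c.user@example.com"),
]

if __name__ == "__main__":
    for f in unexpected_unsuspends(SAMPLE_EVENTS, {"00uADMIN1", "00uADMIN2"}):
        print(f)
```

A finding with a short `minutes_suspended` value on an account that was suspended as a containment step is the case to review first.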
