Okta Identity Engine | Workflows | Answered | 2023-11-29T05:37:07.000Z | 2021-06-22T12:59:08.000Z | 2021-07-27T10:07:24.000Z

GuyS.49159 (Customer) asked a question.

auto-delete all deactivated users

Hello,

I have a script that creates a user for tests. It adds them to a "test user" group that I created. I added a workflow that deactivates all inactive users (after the test is over, 1 day after they will count as inactive, so this is good enough for me) from the "test user" group, which is great. Now I am wondering if there's a way to actually just delete those users? Sadly, the workflow says it will "delete" but it simply deactivates them. I previously asked a question about whether those deactivated users will count towards the 10,000 per month user quota and was told that since they are deactivated, they don't count, but to be sure I'd still like to delete them instead. Is there a way to delete all users from a group / all deactivated users from a group / just all deactivated users in general on a regular basis?


    • GuyS.49159 (Customer)

      Hello JohnPaul. That process is manual - it requires getting the CSV, parsing it and using Postman to delete. I am wondering if there's a more automated process. At the very least, maybe an API that could help me with that (delete all users from group or something).

      • JohnPaulT.67567 (Customer)

        There is a script provided in that link that you can run as a scheduled task to delete the user. You'll just need to add a command to the script to create the csv file. Something similar to this:

         

        oktaListDeprovisionedUsers | where lastupdated -lt $30days | select status, lastupdated -ExpandProperty profile | select login

  • @GuyS.49159 (Customer) I'm very interested in that too, you would think that would be an out of the box use case with the workflows templates...

  • TimL.74832 (Tlaborn)

    "Deleting" a user is staged just like if you were manually doing it through the GUI. To delete a user you have to deactivate them first (one API call) then delete them (second API call).

     

    See the API documentation for Delete User: https://developer.okta.com/docs/reference/api/users/#response-example-29

     

    So if you were to make a flow it would look something like:

     

    1). Locate all users meeting X criteria (in your case inactive)

    2). Use a "for each" to call a child flow

    3). In the child flow perform a deactivate, then a delete

     

     

     

  • Hi Guys,

    You could use Okta's card "List Group Members" with function card "For each". Then in your child flow you implement your logic, meaning 2 cases (I keep it simple): If account status is "active" then run an API call for deactivation and deletion. Else If account is "Deprovisioned" run API call for deletion.
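
The deactivate-then-delete loop described in the answers above, written against the Okta Users and Groups REST endpoints as an added example that is not part of the original thread or Okta's own code. The function names are hypothetical, and the org URL, group id and an API token allowed to manage users are assumptions supplied by the caller.

```python
import json
import re
import urllib.request

def make_okta_call(org_url, api_token):
    """Return call(method, url) -> (parsed JSON or None, next-page URL or None)."""
    base = org_url.rstrip("/")
    def call(method, url):
        url = base + url if url.startswith("/") else url
        if not url.startswith(base + "/"):       # never send the token to another host
            raise ValueError("refusing to call " + url)
        req = urllib.request.Request(url, method=method, headers={
            "Authorization": "SSWS " + api_token, "Accept": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw, links = resp.read(), resp.headers.get_all("Link") or []
        nxt = re.search(r'<([^>]+)>;\s*rel="next"', ", ".join(links))
        return (json.loads(raw) if raw else None), (nxt.group(1) if nxt else None)
    return call

def purge_group(call, group_id, dry_run=True):
    """Plan (and, unless dry_run, run) deactivate + delete for every group member.
    Returns the ordered list of (method, path) write calls."""
    actions, url = [], f"/api/v1/groups/{group_id}/users"
    while url:                                   # follow Link rel="next" pagination
        users, url = call("GET", url)
        for user in users or []:
            if user["status"] != "DEPROVISIONED":  # must be deactivated before delete
                actions.append(("POST", f"/api/v1/users/{user['id']}/lifecycle/deactivate"))
            actions.append(("DELETE", f"/api/v1/users/{user['id']}"))
    if not dry_run:                              # deletion is permanent: opt in explicitly
        for method, path in actions:
            call(method, path)
    return actions

if __name__ == "__main__":
    # Constructed two-page listing standing in for a real org (runs offline).
    pages = {"/api/v1/groups/g1/users": ([{"id": "u1", "status": "ACTIVE"}], "/page2"),
             "/page2": ([{"id": "u2", "status": "DEPROVISIONED"}], None)}
    for step in purge_group(lambda method, url: pages[url], "g1"):
        print(*step)
```

Run it with the default `dry_run=True` first and review the returned plan; pass `make_okta_call(...)` as `call` and `dry_run=False` only for a group that holds nothing but disposable test accounts.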

This question is closed.