0D54z00008E2ndQCAR | Okta Classic Engine | Administration | Answered | 2025-09-13T09:01:51.000Z | 2022-10-14T15:08:21.000Z | 2023-03-03T14:29:53.000Z

StevenY.58531 (Customer) asked a question.

Group Rule to exclude deactivated users from a group

Hi Everyone,

Trying to use the Okta Expression language to create a group rule that adds users with a specific UPN suffix but excludes deactivated users, but cannot seem to find the right expression.

IF String.stringContains(user.login, "@Contoso.com") AND (user.login, Deactivated) - Something like that but cannot determine the second part with the correct expression.

Basically, I'm creating a workflow to update 365 attributes to our federated users from Active Directory, but the error handling fails instantly on deactivated users with a 404 error, but I cannot get the error handling to skip past those and continue for the rest of the list, so figured, we would modify the group population rule to exclude deactivated users.

Thank you for the help.


  • SteveS.00405 (GoCardless)

    Found this: https://support.okta.com/help/s/question/0D51Y0000AZZxKRSQ1/expression-for-user-status?language=en_US

    Looks like user.status can't be used.

    What I've done is create a new Okta user attribute called user.userStarted = Boolean.

    Then with Okta Workflows when suspending the user I change it from True to False.

    So your expression would be:

    IF String.stringContains(user.login, "@Contoso.com") AND user.userStarted==true

    The user would be removed from the group if user.userStarted==false

    Hope it helps.
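
Added example (not part of the original post and not Okta's own code): because the rule cannot read the user's status, the workaround above is only as accurate as the Workflow that maintains `userStarted`. This Python audit models the rule over constructed user records shaped like Okta Users API objects (`status`, `profile.login`) and reports where the flag and the real status disagree; the case-sensitive substring match and treating an unset attribute as not true are assumptions.

```python
# Statuses treated as inactive. DEPROVISIONED is the Users API name for "Deactivated".
INACTIVE = {"SUSPENDED", "DEPROVISIONED"}

def rule_matches(user, suffix):
    """Model of: String.stringContains(user.login, suffix) AND user.userStarted==true.
    Assumptions: the match is case-sensitive; an unset userStarted is not true."""
    profile = user["profile"]
    return suffix in profile["login"] and profile.get("userStarted") is True

def audit(users, suffix="@Contoso.com"):
    """Classify users by what the rule does with them.
    members: logins the rule places in the group
    stale:   inactive users still in the group (flag never flipped to false)
    missing: active users with the suffix (ignoring case) the rule leaves out
    """
    report = {"members": [], "stale": [], "missing": []}
    for user in users:
        login = user["profile"]["login"]
        inactive = user["status"] in INACTIVE
        if rule_matches(user, suffix):
            report["members"].append(login)
            if inactive:
                report["stale"].append(login)
        elif not inactive and suffix.lower() in login.lower():
            report["missing"].append(login)
    return report

# Constructed sample records; only the fields the audit needs are present.
SAMPLE_USERS = [
    {"status": "ACTIVE", "profile": {"login": "ann@Contoso.com", "userStarted": True}},
    {"status": "DEPROVISIONED", "profile": {"login": "bob@Contoso.com", "userStarted": False}},
    {"status": "DEPROVISIONED", "profile": {"login": "cat@Contoso.com", "userStarted": True}},
    {"status": "ACTIVE", "profile": {"login": "dan@Contoso.com"}},  # attribute never backfilled
    {"status": "ACTIVE", "profile": {"login": "eve@contoso.com", "userStarted": True}},  # case differs
    {"status": "ACTIVE", "profile": {"login": "fay@example.org", "userStarted": True}},
]

if __name__ == "__main__":
    for category, logins in audit(SAMPLE_USERS).items():
        print(f"{category}: {logins}")
```

An entry under `stale` is a deactivated or suspended account still holding group membership; an entry under `missing` usually means the new attribute was never set for an existing user or the login's case differs from the rule's literal.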

  • StevenY.58531 (Customer)

    Bummer. Thanks Steve. Need to figure out another way to accomplish this then.

  • JohnPaulT.67567 (Customer)

    Do your deactivated users reside in a different AD OU? Maybe you can look at the AD distinguished name of the account.

  • PriyankaD.37395 (BMC Software)

    Hi Steven,

    Did you find a way to exclude the deactivated users? Let us know.

    Thanks,

    Priyanka

  • a0n5s (a0n5s)

    @StevenY.58531 (Customer) Our customer also wants this feature, but the expression still does not support user status. I created a case recently.

    I will create a new feature in ideas.okta.com. Hope you can vote for it.

This question is closed.