
SreeR.28497 (Customer) asked a question.
I have a requirement to have a Group that adds members automatically. We have test accounts (with the phrase test), admin accounts (-a in the phrase), etc. that we don't want to add to the group. We have been using the Everyone group in the app assignment, but the app folks are complaining that there are too many of these unwanted accounts in the group consuming licenses in the apps. How can I do it? Is there a workflow?

@SreeR.28497 (Customer) - I am not fully understanding the requirements of the use case.
First, the default "Everyone" group is always going to show every single user in your Okta tenant. The only way to remove a user from "Everyone" is to Deactivate & Delete the user from your tenant.
If you are talking about having a subset of users that meet some sort of conditions added to a custom group, you would want to look into using a Group Rule and Okta Expression Language (OEL).
Here is a simple example where every user that has a login that doesn't contain the sequence (-a) such as first.last-a@domain is added into a group:
!String.stringContains(user.login, "-a")
Keep in mind this example is going to look for that sequence anywhere in the string. So a hyphenated login such as john.smith-apple@domain or john.smith@login-appletech would also be found.
I tried that but it didn’t work.
Here are my observations:
I first tried with “String.stringContains(user.login, "-a")” and did a preview by putting in a non -a account, and it says “Doesn’t match rule”.
But then when I put what you suggested, “!String.stringContains(user.login, "-a")”, if I put in a -a account it says it matches the rule, and if I put in a non -a account as well it says it matches the rule.
Regards,
sree
Hello Sree,
The value reads as: !String.stringContains(user.login, "-a")
The condition is met if the string value "user.login" does not contain the sequence -a. I would expect it to put all non -a accounts into the group (my testing confirmed this). If you had already done the test without the ! (not) symbol and placed the -a users into the group, then "disabled, modified, enabled" the group rule after adding the ! (not) symbol, it may take a bit of time for the originally added users that "matched" on the previous iteration of the rule to be removed. Each user add/removal is a single API call.
The thing I didn't test is case sensitivity. For example, I don't know if -A would match the "-a" evaluation. I suspect it won't. To get around this you can do the following (which I just tested successfully):
String.stringContains(String.toLowerCase(user.login), "-a")
This placed my two test users into the group that have login values of:
group.user-AA@domain.com
group.user-a@domain.com
Switching it to: !String.stringContains(String.toLowerCase(user.login), "-a")
After waiting a bit, it added about 1000 users to the group and removed the 2 users listed above. Note: If you had 10k users it could take 5+ minutes, 100k users could be hours, and 1 million+ users could be days for the full add/remove process to the group to finish.
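An added example, not part of any post in this thread: a Python model (not Okta Expression Language) of the two rule expressions above, run over constructed logins to show which accounts each variant would place in the group. The third predicate, `rule_suffix_only`, is a hypothetical stricter check that is not from the thread, and all logins are sample data.

```python
# Python model of the group-rule expressions discussed in the thread.
# This is not OEL; all logins below are constructed sample data.

SAMPLE_LOGINS = [
    "first.last@domain.com",           # regular user
    "group.user-a@domain.com",         # admin account (-a)
    "group.user-AA@domain.com",        # upper-case variant used in the thread's test
    "john.smith-apple@domain.com",     # regular user, hyphenated name
    "john.smith@login-appletech.com",  # regular user, hyphenated domain
]

def rule_case_sensitive(login):
    # Models: !String.stringContains(user.login, "-a")
    return "-a" not in login

def rule_lowercased(login):
    # Models: !String.stringContains(String.toLowerCase(user.login), "-a")
    return "-a" not in login.lower()

def rule_suffix_only(login):
    # Hypothetical stricter check (assumption, not from the thread): look only
    # at the part before "@" and exclude the account only if it ends with "-a".
    # Trade-off: a "-AA" style login is no longer excluded.
    local_part = login.split("@", 1)[0].lower()
    return not local_part.endswith("-a")

def members(rule, logins=SAMPLE_LOGINS):
    """Logins the given rule would add to the group."""
    return [login for login in logins if rule(login)]

def compare(logins=SAMPLE_LOGINS):
    """Per login: (case-sensitive, lowercased, suffix-only) membership flags."""
    return {
        login: (rule_case_sensitive(login), rule_lowercased(login), rule_suffix_only(login))
        for login in logins
    }

if __name__ == "__main__":
    print(f"{'login':34} case  lower suffix")
    for login, flags in compare().items():
        print(f"{login:34} " + " ".join("in   " if f else "out  " for f in flags))
```

Previewing a rule against a list like this before enabling it shows both failure modes: admin-style accounts that slip into the group, and regular users that are silently left out of the app assignment.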
However, it is adding deactivated users as well. Any way we can exclude them?
Thanks
Sree