<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000A6Hv6xCQCOkta Classic EngineAdministrationAnswered2024-06-30T12:33:41.000Z2024-04-17T16:02:56.000Z2024-04-30T17:43:11.000Z

PaulZ.65756 (Customer) asked a question.

Edited April 17, 2024 at 4:03 PM
Duplicate Everyone group

Somehow we ended up with a secondary group called Everyone in our okta instance. This group is not populated nor referenced, but we have no way of removing or modifying the group - even rename actions via API (using token with Super Admin privileges) fail with {"errorCode":"E0000006","errorSummary":"You do not have permission to perform the requested action","errorLink":"E0000006","errorId":"oaeFYlQ3YTTSDykS22fNT8SeA","errorCauses":[]}.

 

Has anyone hit this issue before and has suggestions on how to approach this issue?

  • 4 answers
  • 431 views

  • TimL.58332 (Workflows)

    @PaulZ.65756 (Customer)​ - I've never seen that behavior. I also don't see any obvious internal asks about this scenario (However, this type of issue is not my wheelhouse and the keywords like everyone are really generic).

     

    Couple questions:

    • Are the groupID's different?
    • Is the group a different type? OKTA_GROUP or APP_GROUP (typically need to query the Groups API to see this-- Default Everyone is "type": "BUILT_IN",)
    • Can you interact with the group at all? Like add/remove a test user?
    • Do you have some sort of OrgtoOrg setup? Like could it have pulled in an Everyone group from an alternate Okta org (I don't even know if this is possible I am just brainstorming)

     

    I would recommend creating a support case for this one with our Management & Monitoring group so someone can look into this further as it is definitely strange.

    Expand Post
    Selected as Best

  • TimL.58332 (Workflows)

    @PaulZ.65756 (Customer)​ - I've never seen that behavior. I also don't see any obvious internal asks about this scenario (However, this type of issue is not my wheelhouse and the keywords like everyone are really generic).

     

    Couple questions:

    • Are the groupID's different?
    • Is the group a different type? OKTA_GROUP or APP_GROUP (typically need to query the Groups API to see this-- Default Everyone is "type": "BUILT_IN",)
    • Can you interact with the group at all? Like add/remove a test user?
    • Do you have some sort of OrgtoOrg setup? Like could it have pulled in an Everyone group from an alternate Okta org (I don't even know if this is possible I am just brainstorming)

     

    I would recommend creating a support case for this one with our Management & Monitoring group so someone can look into this further as it is definitely strange.

    Expand Post
    Selected as Best

  • 5mokn (5mokn)

    Yes, the two groups have different group IDs, different descriptions and only one of them is populated.

  • PaulZ.65756 (Customer)

    Also, I would raise a support ticket except the support center is not recognising me as the Super Admin for the organisation and it will not let me raise support tickets.

  • PaulZ.65756 (Customer)

    Sorry, the expand function was truncating the message without much indication of doing so - here are the answers:

    • Are the groupID's different?
      • yes
    • Is the group a different type? OKTA_GROUP or APP_GROUP (typically need to query the Groups API to see this-- Default Everyone is "type": "BUILT_IN",)
      • original is BUILT_IN, duplicate is APP_GROUP
    • Can you interact with the group at all? Like add/remove a test user?
      • no, I cannot
    • Do you have some sort of OrgtoOrg setup? Like could it have pulled in an Everyone group from an alternate Okta org (I don't even know if this is possible I am just brainstorming)
      • we do have an OrgtoOrg setup, but it is identical on both our instances and we only see this issue on this instance

     

    Expand Post
This question is closed.
Loading
Duplicate Everyone group