Okta Identity Engine | Workflows | Answered | 2024-12-16T23:51:17.000Z | 2024-12-13T18:46:44.000Z | 2024-12-16T23:51:17.000Z

RashadR.45204 (Customer) asked a question.

Users with a deactivated status are showing up in an active status list

Not sure if this is a workflow issue.

I created a workflow that gives me a list of active users that haven't logged into their Okta account in x number of days. The workflow runs as intended, and I got partially what I needed.

The issue is that my list is showing me deactivated users and reporting these accounts are active.

 

When I go to their Okta profile, I see their status is deactivated.

 

I don't believe it's a workflow issue, but is there any way to refresh Okta's accounts so when I pull reports I'm getting proper data?

 

 


  • Hi @RashadR.45204 (Customer), thank you for reaching out to the Okta Community!

     

    I found this older post that discussed the creation of a workflow that checks for inactive users.  

    Perhaps this offers some insights on how this use case can be approached.

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

  • TimL.58332 (Workflows)

    @RashadR.45204 (Customer) -- Based on the post description you may have a logic problem in how you are collecting data. However, since no reference to the GET operation being used to collect users is available, I am only assuming.

     

    >I created a workflow that gives me a list of active users that haven't logged into their Okta account in x number of days. 

     

    This sounds like you are evaluating the lastLogin top-level property. This isn't a top-level property that can be filtered/searched against. From the Users endpoint the only top-level properties that can be leveraged are:

     

    • The top-level properties id, status, created, activated, statusChanged, and lastUpdated

     

    So I am not sure how you are accomplishing this. Did you create a custom attribute that maintains user logins? Something along the lines of this article?

     

    https://support.okta.com/help/s/article/Howto-Properly-Identify-Inactive-Users-Using-Okta-Workflows-For-IdP-or-SP-Initiated-Login?language=en_US

     

    Additionally, calling the Users API is "inclusive". There isn't an option to filter/search by "not equals" or "is empty", but if you specify a valid filter it will include only the specified value. For example, if you wanted every status except "Deactivated/Deprovisioned" you would need to build out an inclusive custom search query like such:

     

    (status eq "Recovery" OR status eq "Staged" OR status eq "Provisioned" OR status eq "Locked Out" OR status eq "Password Expired" OR status eq "Suspended" OR status eq "Active")

  • RashadR.45204 (Customer)

    Thank you both for responding.

     

    Here is a picture of my search criteria

     

    image.png 

    This is the only search criteria I have.

    show me all users whose status == ACTIVE

    When my list is generated, it shows active users and users that I deactivated a couple days ago, but it shows them as status == ACTIVE in my table.

     

    When I search the users on Okta the drop-down menu shows the user as active. When I click on the user to view their profile, it says deactivated. If I repeat these steps, it shows the user as deactivated.

     

    User A is active; my table shows USER A active (Intended)

    User B was deactivated two days ago; my table shows USER B active (Not Intended)

    User C was deactivated 6 months ago; my table doesn't show USER C. (Intended)

     

    Hopefully this is clear.

  • TimL.58332 (Workflows)

    @RashadR.45204 (Customer)​ - All that card is doing is performing an API Query and receiving results from your tenant using the following methodology:

     

    https://developer.okta.com/docs/reference/user-query/

     

    Example Query: /api/v1/users?search=status%20eq%20%22ACTIVE%22

     

    • Is this a problem you are reproducing every time?
    • If so, can you try using a Custom API Action with the query I provided above and see if anything except ACTIVE comes back?
    • Also, what happens if you add a new List Users With Search card and ONLY have "status" as a possible input set to "ACTIVE"? Does the issue still occur with the new card?

     

    If the second or third bullet comes back as "Obtaining users that are not ACTIVE" I would recommend opening a support case.

This question is closed.
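
The checks discussed in the thread, written out as an added Python example (not code from the thread or from Okta): it builds the URL-encoded inclusive status search and flags any returned user whose status contradicts the filter or a direct lookup. It assumes the API's status names (ACTIVE, DEPROVISIONED and so on), a `lookup` callable standing in for `GET /api/v1/users/{id}`, and constructed sample records mirroring Users A, B and C.

```python
from urllib.parse import quote

# Status values as the Users API returns them (assumed API names).
ALL_STATUSES = ["STAGED", "PROVISIONED", "ACTIVE", "RECOVERY", "LOCKED_OUT",
                "PASSWORD_EXPIRED", "SUSPENDED", "DEPROVISIONED"]

def everything_except(excluded):
    """Search has no 'not equals', so list every other status explicitly."""
    return [s for s in ALL_STATUSES if s not in excluded]

def build_search_path(include):
    """Return the URL-encoded /api/v1/users search path for the given statuses."""
    unknown = sorted(set(include) - set(ALL_STATUSES))
    if unknown:
        raise ValueError(f"unknown status: {unknown}")
    expr = " or ".join(f'status eq "{s}"' for s in include)
    if len(include) > 1:
        expr = f"({expr})"
    return "/api/v1/users?search=" + quote(expr, safe="")

def audit(search_results, wanted, lookup):
    """Flag users whose status contradicts the filter or the direct lookup.

    search_results: user objects returned by the search query
    lookup: callable taking a user id and returning the user object
            (stands in for GET /api/v1/users/{id})
    """
    findings = []
    for user in search_results:
        direct = lookup(user["id"])["status"]
        if user["status"] not in wanted:
            findings.append((user["id"], "search returned non-matching status",
                             user["status"]))
        elif direct not in wanted:
            findings.append((user["id"], "search disagrees with direct lookup",
                             direct))
    return findings

# Constructed sample data: B was deactivated recently but still comes back as ACTIVE.
SAMPLE_DIRECTORY = {"userA": {"id": "userA", "status": "ACTIVE"},
                    "userB": {"id": "userB", "status": "DEPROVISIONED"},
                    "userC": {"id": "userC", "status": "DEPROVISIONED"}}
SAMPLE_SEARCH = [{"id": "userA", "status": "ACTIVE"},
                 {"id": "userB", "status": "ACTIVE"}]

if __name__ == "__main__":
    print(build_search_path(["ACTIVE"]))
    print(audit(SAMPLE_SEARCH, {"ACTIVE"}, SAMPLE_DIRECTORY.__getitem__))
```

A non-empty result from `audit` is the evidence to attach to a support case, since it shows the search response and the user record disagreeing for the same id.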