<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5KZ00001aW7TJ0A0Okta Classic EngineAdministrationAnswered2025-11-11T12:07:46.000Z2025-11-09T13:25:21.000Z2025-11-11T12:07:46.000Z

NiviM.71991 (Customer) asked a question.

November 9, 2025 at 1:25 PM
Group Rules Cannot Assign Users to Read-Only Groups

I know that group rules cannot assign users to groups that have admin roles assigned to them or are admin groups.

 

https://help.okta.com/oie/en-us/content/topics/users-groups-profiles/usgp-about-group-rules.htm

 

But I recently came across an issue where I got an error from the API - Group Rules Cannot Assign Users to Read-Only Groups. I'm not sure where this is coming from or how to recreate this issue.

 

What is a read-only group? I've never encountered anything like this before. Any suggestion where to look or what to check for?

  • 4 answers
  • 122 views
NiviM.71991 likes this.

  • Paul S. (Okta, Inc.)

    Hello @NiviM.71991 (Customer)​ Thank you for posting on our Community page!

     

    Read only groups are any groups that are brought into Okta from an external Source, ex: AD groups, MS Groups, etc.

    External groups are groups that no administrator can manage, as they are managed by the external Source.

    It could be that in your API call you have the ID of such a group, and thus receiving the error.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • Paul S. (Okta, Inc.)

    Hello @NiviM.71991 (Customer)​ Thank you for posting on our Community page!

     

    Read only groups are any groups that are brought into Okta from an external Source, ex: AD groups, MS Groups, etc.

    External groups are groups that no administrator can manage, as they are managed by the external Source.

    It could be that in your API call you have the ID of such a group, and thus receiving the error.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • KathyT.73511 (Anthropic Identity)

    If it's not a group that you created in Okta, then you won't be able to add users to it through Group Rules. (except for a group with Admin rights, as you mentioned).

This question is closed.
Loading
Group Rules Cannot Assign Users to Read-Only Groups