Deactivate and delete user accounts
Deleting personal user accounts and user data can help you satisfy data protection and disposal laws in your region. As users are added, reassigned, or terminated, you can deactivate or delete user accounts to limit or remove access to org resources.
About deactivation
When you deactivate a user account, the account status moves from Active to Deactivated. Deactivated users can no longer access their assigned applications. When you reactivate a previously deactivated user account, you might need to reassign some apps to users. Some apps can be reassigned by group memberships or rules. Deactivation runs as a background task, and depending on the number of affected users, can take significant time to complete. You can perform multiple deactivation requests at the same time. During deactivation, notifications appear to indicate the progress of all deactivation requests. A notification appears when each deactivation request completes successfully.
Although deactivated users no longer have access to any apps, the users aren't removed from any groups unless they're subsequently deleted.
About deletion
When you delete a user account, the deletion can't be undone. Users identified as the technical or billing contact can't be deleted. You can perform multiple deletion requests can be performed at the same time. The permanent deletion of Customer Data is automatically initiated in 30 days. Any data referencing the user is kept for a period defined by the Okta Data Retention Policy. See Okta Data Retention Policy.
Results summary
This table describes the actions taken when a user is suspended, deactivated, or deleted.
User is suspended | User is deactivated | User is deleted | |
---|---|---|---|
User is no longer able to create new sessions, and all active sessions in Okta are stopped. | Yes | Yes | Yes |
User's assigned applications are revoked and the user's app assignments are removed. | No | Yes | Yes |
User's admin roles are revoked and user is unassigned from the Okta Admin app. | No | Yes | Yes |
User's authentication factors are deactivated and user's authentication factors are removed. | No | No | Yes |
User is removed from all Okta groups, including all app assignments and role assignments through group membership. | No | No | Yes |
User's linked object records where the user was either the source or the link target are deleted. | No | No | Yes |
User's Customer Data records are deleted from Universal Directory. | No | No | Yes |
User is not visible on the People page and is not returned in API responses. |
No |
No |
Yes |
User's username (or other custom unique attributes) can be reused. |
No |
No |
Yes |
User and device relationships are deleted. |
No |
No |
Yes |
Deactivate a user account
- In the Admin Console, go to .
- Select the user accounts you want to deactivate, and click Deactivate Selected.
- In the Deactivate Person dialog box, click Deactivate.
An email listing all users deactivated in the past 30 minutes is sent to admins. After you deactivate a user account, you need to reactivate it to make changes to it.
Delete a user account
Users must be deactivated before they can be deleted.
- In the Admin Console, go to .
- Optional. Enter a user's first name, primary email, or username in the search field and then click the Search icon.
- Optional. Perform an advanced user search:
- Click Advanced Search.
- Select a search filter in the Choose field list. You can filter your search results by created or updated date and time, or you can select base or custom attributes to filter your results.
- Select a filter option:
- Starts with: Select this option to search for group names that start with specific letters.
- Equals: Select this option to search for group names that are equal to the value you enter.
- Greater than: Select this option to search for group names that are greater than the value you enter.
- Less than: Select this option to search for group names that are less than the value you enter.
- Enter a search value in the Value field.
- Optional. Click Add filter to add an additional filter and then repeat steps a to d. Click Clear all filters to clear the ones you have already entered.
- Click Search.
- Optional. Use the Status menu to filter results by user status.
- Click a user name in the Person & Username column.
- Click Delete.
- Click Delete in the Delete Person dialog box.
Related topics
Deactivate users with the Okta API
Deactivate or delete a user with the Okta Java Management SDK
Deactivate or delete a user with the Okta Golang management SDK
Deactivate or delete a user with okta-sdk-nodejs
Deactivate or delete a user with the Okta Python Management SDK