Deactivate and delete user accounts

Deleting personal user accounts and user data can help you satisfy data protection and disposal laws in your region. As users are added, reassigned, or terminated, you can deactivate or delete user accounts to limit or remove access to org resources.

When you deactivate a user account, the account status moves from Active to Deactivated. Deactivated users can no longer access their assigned applications. When you reactivate a previously deactivated user account, you'll need to reassign apps to the user. Deactivation runs as a background task, and depending on the number of users being deactivated, can take significant time to complete. You can perform multiple deactivation requests at the same time. During deactivation, notifications appear indicating the progress of all deactivation requests. A notification appears when each deactivation request completes successfully.

When you delete a user account, a deletion cannot be undone. Users identified as the technical or billing contact cannot be deleted. Multiple deletion requests can be performed at the same time. The permanent deletion of Customer Data is automatically initiated in 30 days. Any data referencing the user is kept for a period defined by the Okta Data Retention Policy. See Okta Data Retention Policy.

This table describes the actions taken when a user is suspended, deactivated, or deleted.

  User is suspended User is deactivated User is deleted
User is no longer able to create new sessions, and all active sessions in Okta are stopped Yes Yes Yes
User’s assigned applications are revoked and the user’s app assignments are removed No Yes Yes
User’s admin roles are revoked and user is unassigned from the Okta Admin app No Yes Yes
User’s authentication factors are deactivated and user’s authentication factors are removed No No Yes
User is removed from all Okta groups, including all app assignments and role assignments through group membership No No Yes
User’s linked object records where the user was either the source or the link target are deleted No No Yes
User's Customer Data records are deleted from Universal Directory No No Yes

User is not visible on the People page and is not returned in API responses

No

No

Yes

User’s username (or other custom unique attributes) can be reused

No

No

Yes

User and device relationships are deleted

No

Yes

Yes

Deactivate a user account

  1. In the Admin Console, go to Directory > People > More Actions > Deactivate.
  2. Select the user accounts you want to deactivate, and click Deactivate Selected.
  3. In the Deactivate Person dialog box, click Deactivate

An email listing all users deactivated in the past 30 minutes is sent to admins. After you deactivate a user account, you need to reactivate it to make changes to it.

Delete a user account

  1. In the Admin Console, go to Directory > People.
  2. Click a user name in the Person & Username column.
  3. Click Delete.
  4. Click Delete in the Delete Person dialog box.

Related topics

Deactivate users with the Okta API

Deactivate or delete a user with the Okta Java Management SDK

Deactivate or delete a user with the Okta Golang management SDK

Deactivate or delete a user with okta-sdk-nodejs

Deactivate or delete a user with the Okta Python Management SDK

Delete users with the Okta API

Okta Languages and SDKs