Deactivate and delete user accounts
Deleting personal user accounts and user data can help you satisfy data protection and disposal laws in your region. As users are added, reassigned, or terminated, you can deactivate or delete user accounts to limit or remove access to org resources.
Deactivation
When you deactivate a user account, the account status moves from Active to Deactivated. Deactivated users can no longer access their assigned apps. When you reactivate a previously deactivated user account, you might need to reassign some apps to users. You can use group memberships or rules to reassign some apps. Deactivation runs as a background task, and depending on the number of affected users, can take significant time to complete. You can perform multiple deactivation requests at the same time. During deactivation, notifications appear to indicate the progress of all deactivation requests. A notification appears when each deactivation request completes successfully.
Although deactivated users no longer have access to any apps, the users aren't removed from any groups.
Deletion
When you delete a user account, you can't undo the deletion. Also, you can't delete users identified as the technical or billing contact. You can perform multiple deletion requests at the same time. Okta automatically initiates the permanent deletion of Customer Data in 30 days. Any data referencing the user is kept for a period defined by the Okta Data Retention Policy. See Okta Data Retention Policy.
Results summary
This table describes the actions taken when a user is suspended, deactivated, or deleted.
User is suspended | User is deactivated | User is deleted | |
---|---|---|---|
User is no longer able to create sessions, and all active sessions in Okta are stopped. | Yes | Yes | Yes |
User's assigned apps are revoked and the user's app assignments are removed. | No | Yes | Yes |
User's admin roles are revoked and the user is unassigned from the Okta Admin app. | No | Yes | Yes |
User's authentication factors are deactivated and user's authentication factors are removed. | No | No | Yes |
User is removed from all Okta groups, including all app assignments and role assignments through group membership. | No | No | Yes |
User's linked object records where the user was either the source or the link target are deleted. | No | No | Yes |
User's Customer Data records are deleted from Universal Directory. | No | No | Yes |
User isn't visible on the People page and isn't returned in API responses. |
No |
No |
Yes |
User's username (or other custom unique attributes) can be reused. |
No |
No |
Yes |
User and device relationships are deleted. |
No |
No |
Yes |
Deactivate a user account
- In the Admin Console, go to .
- Select the user accounts that you want to deactivate, and click Deactivate Selected.
- In the Deactivate Person dialog box, click Deactivate.
An email that lists all users deactivated in the past 30 minutes is sent to admins. To change a user account that's been deactivated, you must reactivate the account.
Delete a user account
Users must be deactivated before they can be deleted.
- In the Admin Console, go to .
- Optional. Enter a user's first name, primary email, or username in the search field and then click the Search icon.
- Optional. Perform an advanced user search:
- Click Advanced Search.
- Select a search filter in the Choose field list. You can filter your search results by created or updated date and time, or you can select base or custom attributes to filter your results.
- Select a filter option:
- Starts with: Select this option to search for group names that start with specific letters.
- Equals: Select this option to search for group names that are equal to the value you enter.
- Greater than: Select this option to search for group names that are greater than the value you enter.
- Less than: Select this option to search for group names that are less than the value you enter.
- Enter a search value in the Value field.
- Optional. Click Add filter to add a filter and then repeat steps a through d. Click Clear all filters to clear any previously entered filters.
- Click Search.
- Optional. Use the Status menu to filter results by user status.
- Click a username in the Person & Username column.
- Click Delete.
- Click Delete in the Delete Person dialog box.
Related topics
Deactivate users with the Okta API
Deactivate or delete a user with the Okta Java Management SDK
Deactivate or delete a user with the Okta Golang management SDK
Deactivate or delete a user with okta-sdk-nodejs
Deactivate or delete a user with the Okta Python Management SDK