Deactivate and delete user accounts

Deleting personal user accounts and user data can help you satisfy data protection and disposal laws in your region. As users are added, reassigned, or terminated, you can deactivate or delete user accounts to limit or remove access to org resources.

When you deactivate a user account, the account status moves from Active to Deactivated. Deactivated users can no longer access their assigned applications. When you reactivate a previously deactivated user account, you might need to reassign some apps to users. Some apps might be reassigned by group memberships or rules. Deactivation runs as a background task, and depending on the number of users being deactivated, can take significant time to complete. You can perform multiple deactivation requests at the same time. During deactivation, notifications appear indicating the progress of all deactivation requests. A notification appears when each deactivation request completes successfully.

When you delete a user account, a deletion cannot be undone. Users identified as the technical or billing contact cannot be deleted. Multiple deletion requests can be performed at the same time. The permanent deletion of Customer Data is automatically initiated in 30 days. Any data referencing the user is kept for a period defined by the Okta Data Retention Policy. See Okta Data Retention Policy.

This table describes the actions taken when a user is suspended, deactivated, or deleted.

  User is suspended User is deactivated User is deleted
User is no longer able to create new sessions, and all active sessions in Okta are stopped Yes Yes Yes
User’s assigned applications are revoked and the user’s app assignments are removed No Yes Yes
User’s admin roles are revoked and user is unassigned from the Okta Admin app No Yes Yes
User’s authentication factors are deactivated and user’s authentication factors are removed No No Yes
User is removed from all Okta groups, including all app assignments and role assignments through group membership No No Yes
User’s linked object records where the user was either the source or the link target are deleted No No Yes
User's Customer Data records are deleted from Universal Directory No No Yes

User is not visible on the People page and is not returned in API responses




User’s username (or other custom unique attributes) can be reused




User and device relationships are deleted




Deactivate a user account

  1. In the Admin Console, go to Directory > People > More Actions > Deactivate.
  2. Select the user accounts you want to deactivate, and click Deactivate Selected.
  3. In the Deactivate Person dialog box, click Deactivate

An email listing all users deactivated in the past 30 minutes is sent to admins. After you deactivate a user account, you need to reactivate it to make changes to it.

Delete a user account

Note: Users must be deactivated before they can be deleted.

  1. In the Admin Console, go to Directory > People.
  2. Optional. Enter a user's first name, primary email, or username in the search field and then click the Search icon.
  3. Optional. Perform an advanced user search:
    1. Click Advanced Search.
    2. Select a search filter in the Choose field list. You can filter your search results by created or updated date and time, or you can select base or custom attributes to filter your results.
    3. Select a filter option:
      • Starts with: Select this option to search for group names that start with specific letters.
      • Equals: Select this option to search for group names that are equal to the value you enter.
      • Greater than: Select this option to search for group names that are greater than the value you enter.
      • Less than: Select this option to search for group names that are less than the value you enter.
    4. Enter a search value in the Value field.
    5. Optional. Click Add filter to add an additional filter and then repeat steps a to d. Click Clear all filters to clear the ones you have already entered.
    6. Click Search.
  4. Optional. Use the Status menu to filter results by user status.
  5. Click a user name in the Person & Username column.
  6. Click Delete.
  7. Click Delete in the Delete Person dialog box.

Related topics

Deactivate users with the Okta API

Deactivate or delete a user with the Okta Java Management SDK

Deactivate or delete a user with the Okta Golang management SDK

Deactivate or delete a user with okta-sdk-nodejs

Deactivate or delete a user with the Okta Python Management SDK

Delete users with the Okta API

Okta Languages and SDKs