Manage users

Early Access release

You can add users manually in the portal, assign them apps and groups, and manage their profiles. When you add users using this method, they'll also be added to your realm.

Before you begin

Ensure you're signed in to the portal as super admin, org admin, or partner admin.

Add users

Go to Users Add user.
Fill in the following information:
- User type: Select a user type from the User type list, or use the default setting. See Custom user types in Universal Directory.
- First name: Enter the user's first name.
- Last name: Enter the user's last name.
- Username: Enter the user's username in email format.
- Primary email: Enter the user's primary email if it's different from their username.
- Secondary email: Optional. Enter a secondary email to allow the user to access information when their primary email is unavailable.
- Groups: Optional. Enter the groups to which the user belongs.
- Activation: Select an activation option.
Click Add user.

Assign users to apps

Go to Users, and then select a user.
On the user's page, click Apps Assign app.
Click the Select app dropdown menu, and then type to search for the app.
Select an app.
Click Assign app.

Unassign users from apps

Go to Users, and then select a user.
On the user's page, click Apps.
On the apps you want to unassign, click Unassign.

Assign users to groups

Go to Users, and then select a user.
On the user's page, click Groups Assign app.
Click the Select group dropdown menu, and then type to search for the group.
Select a group.
Click Assign group.

Unassign users from group

Go to Users, and then select a user.
On the user's page, click Groups.
On the apps you want to unassign, click Unassign.

Edit user attributes

Go to Users, and then select a user.
On the user's page, click Profile.
Click Edit, and update the user details. You can only update username, names, emails, and phone numbers.

Reset authenticators

Enable authenticator reset notification emails for end users. See Authenticator reset notifications for end users.

Go to Users, and then select a user.
Click More actions Reset authenticators.
Optional. Select the Okta Verify checkbox.
Click Reset authenticators.

Reset multifactor authentication

If you need to reset multifactor authentication (MFA) for your end users, you can choose to reset configured factors for one or multiple users.

Go to Users, and then select a user.
Click More actions Reset multifactor.
Optional. Select one or more MFA options.
Click Reset all to reset all MFA.
Click Reset Selected Factors, if you select a specific MFA option.

Clear user sessions

Go to Users, and then select a user.
Click More actions Clear user sessions.
Click Clear Sessions & Revoke Tokens.

Enroll U2F security key

Complete the following steps to register a U2F security key. See Configure the FIDO2 (WebAuthn) authenticator for more information.

Go to Users, and then select a user.
Click More actions Enroll U2F Security Key.
Click Register.

Enroll a Web authentication security key

The FIDO2 (WebAuthn) authenticator lets users authenticate with a security key or a biometric method, such as a fingerprint or face recognition. See Configure the FIDO2 (WebAuthn) authenticator for more information.

Go to Users, and then select a user.
Click More actions Enroll Web Authentication Security Key.
Click Enroll.

Reset or remove password

You can reset or remove a user's password or end all of a user's sessions when resetting passwords.

Go to Users.
Click Reset or remove password. A dialog opens.
Select one of the following options: Send a reset password email, Create a temporary password, or Remove password.
Optional. Select the Sign out user checkbox. When you select this option, the user is signed out of Okta sessions on all devices and browsers.
Click Reset or remove password.