Deactivation Rules
Last updated
Okta Orchestrator can automatically check, warn, and deactivate user access to Okta based on criteria you determine.
Automated deactivation is an important method to ensure that costly Okta licenses are recaptured and that temporary access is not allowed to linger indefinitely.
Deactivation Rules affect users at the Okta level and do not process against specific Access Entities. If deactivation occurs, the user will lose access to Okta entirely.
Type: The type of check to run before applying the Deactivation Rule to users.
Simple: Run a simple filter condition against all users, and apply 'Warning' or 'Deactivation' events against those that match.
Scripted: For each user, apply scripts and return true/false to indicate whether the 'Warning' or 'Deactivation' event should be processed.
Send warning email: If the 'Warning' Condition/Script evaluates to true, trigger an event (that will generally be used to send a notification).
Event: The event that is triggered when 'Send warning email' is enabled. Generally, this event will be used to trigger an email to the user that they must perform an action (such as logging in) in order to avoid deactivation.
Deactivation Logs maintain an audit trail of any deactivations that occur due to Deactivation Rules.