User Lifecycle

Reactivates a user.

This operation can only be performed on Users with a PROVISIONED or RECOVERY status. This operation restarts the activation workflow if for some reason the user activation wasn't completed when using the activationToken from Activate User.

Users that don't have a password must complete the flow by completing Reset Password and MFA enrollment steps to transition the user to ACTIVE status.

If sendEmail is false, returns an activation link for the user to set up their account. The activation token can be used to create a custom activation link.

Activates a User.

This operation can only be performed on Users with a STAGED or DEPROVISIONED status. Activation of a User is an asynchronous operation.

• The User will have the transitioningToStatus property with an ACTIVE value during activation to indicate that the user hasn't completed the asynchronous operation.
• The User will have an ACTIVE status when the activation process completes.

Users who don't have a password must complete the welcome flow by visiting the activation link to complete the transition to ACTIVE status.

Note: If you want to send a branded User Activation email, change the subdomain of your request to the custom domain that's associated with the brand. For example, change subdomain.okta.com to custom.domain.one. See Multibrand and custom domains.

Note: If you have Optional Password enabled, visiting the activation link is optional for users who aren't required to enroll a password. See Create user with Optional Password enabled.

Legal disclaimer After a user is added to the Okta directory, they receive an activation email. As part of signing up for this service, you agreed not to use Okta's service/product to spam and/or send unsolicited messages. Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients.

Deactivates a User.

This operation can only be performed on Users that do not have a DEPROVISIONED status.

• The User's transitioningToStatus property is DEPROVISIONED during deactivation to indicate that the user hasn't completed the asynchronous operation.
• The User's status is DEPROVISIONED when the deactivation process is complete.

Important: Deactivating a User is a destructive operation. The User is deprovisioned from all assigned apps, which might destroy their data such as email or files. This action cannot be recovered!

You can also perform user deactivation asynchronously. To invoke asynchronous user deactivation, pass an HTTP header Prefer: respond-async with the request.

Resets all factors for the specified User. All MFA factor enrollments return to the unenrolled state. The User's status remains ACTIVE. This link is present only if the User is currently enrolled in one or more MFA factors.

Suspends a user. This operation can only be performed on Users with an ACTIVE status. The User has a SUSPENDED status when the process completes.

Suspended users can't sign in to Okta. They can only be unsuspended or deactivated. Their group and app assignments are retained.

Unlocks a User with a LOCKED_OUT status or unlocks a User with an ACTIVE status that is blocked from unknown devices. Unlocked Users have an ACTIVE status and can sign in with their current password.

Note: This operation works with Okta-sourced users. It doesn't support directory-sourced accounts such as Active Directory.

Unsuspends a user and returns them to the ACTIVE state. This operation can only be performed on users that have a SUSPENDED status.