Removing the users by App using powershell

[Saikishore031]

Hi Began,

How are you!!!

Is it possible to remove the specified users from specified App?

Can you please help me the powershell script?

[zsirkin]

Would love to see an answer to this one as well!

[mbegan]

So the kicker on this one is going to be figuring out how the user was assigned the app.

If assigned by way of a group i'd suggest removing the user from the group and the application assignments will clear out... of course this can be heavy handed if the group in question is used to assign multiple apps.

If the user is assigned directly use this command

oktaDelUseridfromAppid -uid $user.id -aid $app.id

If the user is assigned the app by way of a group you'd have to convert the assignment to a direct assignment and then delete the user... this will probably come back to bite you as the user is still a member of a group assigned to the app and something is going to happen in the system that will cause the app to be reassigned at some point.

If this is what you are trying to do let me know, i'll need to update a function to allow you to change the scope...

[Saikishore031]

Yes, The user is assigned the app by way of a group, we need to delete the list of users which is assigned to the app by group. So, it will be more helpful if we can have script to delete the multiple users from the app by using particular group.

Thanks, Sai Kishore

[srirao28]

Experts..need help.

Below is the structure of okta user/group/application user - abc group - XYZ application - 123 XYZ mapped to 123

Need to remove [abc] from (XYZ), ideal way to implement with powershell script

Thanks! sri