Everyone group in Okta

prasad_g_parab · March 13, 2018, 8:54am

Hi all
I am gone through couple of okta developer as well as production instances.
All of these instance having one common group called everyone.

So here few doubts about that:

The everyone group is exists for each and every okta instance?
Is there any possibility that everyone is not exists on okta?
Every user created on okta is member of everyone group?
Are there some user which is not part of everyone group?
If I hit /api/v1/groups/${EveryOne_groupId}/users api is gives equivalent results as /api/v1/users api ?

frederico.hakamine · March 13, 2018, 6:09pm

Hi @prasad_g_parab .

The everyone group is exists for each and every okta instance?
Yes

Is there any possibility that everyone is not exists on okta?
No

Every user created on okta is member of everyone group?
Yes

Are there some user which is not part of everyone group?
No

If I hit /api/v1/groups/${EveryOne_groupId}/users api is gives equivalent results as /api/v1/users api ?
In theory, yes. However, if you are looking for all users, I’d encourage you to use the /api/v1/users.
Why:

The group members search does not support the same search filters as the users search
The filter limit recommended for the group members search is 200. If you make a search for a group with several users without limit your search, you might get a 500 error. For more info, check this:

https://developer.okta.com/docs/api/resources/groups#list-group-members

prasad_g_parab · March 14, 2018, 5:52am

So if I use proper paging (with page size below 200) in /api/v1/groups/${EveryOne_groupId}/users api then I will get all users exists on okta instance.
Is this statement correct?

And If you can describe the business logic behind everyone group exists on all Okta instances it will help me to design my application which integrate okta using rest api’s.

frederico.hakamine · March 14, 2018, 3:48pm

So if I use proper paging (with page size below 200) in /api/v1/groups/${EveryOne_groupId}/users api then I will get all users exists on okta instance.
Is this statement correct?

As of now, yes (I just tested both endpoints and they return the same information about the user). The limits on the group members request vs the list users request still exists.

And If you can describe the business logic behind everyone group exists on all Okta instances it will help me to design my application which integrate okta using rest api’s.

The Everyone group exists by default to simplify the way you configure Okta. For example:

If you assign an application to Everyone, all new users will be automatically assigned to the app.
If you assign a password policy to Everyone, all users will comply with the policy.
If you require multi-factor authentication to Everyone, all users will need to login with a second factor.

Without the Everyone group, you would need to touch your config every time a new user is created in your system (assign the new user to the apps, password policies, mfa, etc…).

I hope this helps.

system · January 12, 2024, 9:44pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.