Everyone group in Okta


#1

Hi all
I am gone through couple of okta developer as well as production instances.
All of these instance having one common group called everyone.

So here few doubts about that:

  1. The everyone group is exists for each and every okta instance?
  2. Is there any possibility that everyone is not exists on okta?
  3. Every user created on okta is member of everyone group?
  4. Are there some user which is not part of everyone group?
  5. If I hit /api/v1/groups/${EveryOne_groupId}/users api is gives equivalent results as /api/v1/users api ?

#2

Hi @prasad_g_parab .

The everyone group is exists for each and every okta instance?
Yes

Is there any possibility that everyone is not exists on okta?
No

Every user created on okta is member of everyone group?
Yes

Are there some user which is not part of everyone group?
No

If I hit /api/v1/groups/${EveryOne_groupId}/users api is gives equivalent results as /api/v1/users api ?
In theory, yes. However, if you are looking for all users, I’d encourage you to use the /api/v1/users.
Why:

  • The group members search does not support the same search filters as the users search
  • The filter limit recommended for the group members search is 200. If you make a search for a group with several users without limit your search, you might get a 500 error. For more info, check this:

https://developer.okta.com/docs/api/resources/groups#list-group-members


#3

So if I use proper paging (with page size below 200) in /api/v1/groups/${EveryOne_groupId}/users api then I will get all users exists on okta instance.
Is this statement correct?

And If you can describe the business logic behind everyone group exists on all Okta instances it will help me to design my application which integrate okta using rest api’s.


#4

So if I use proper paging (with page size below 200) in /api/v1/groups/${EveryOne_groupId}/users api then I will get all users exists on okta instance.
Is this statement correct?

As of now, yes (I just tested both endpoints and they return the same information about the user). The limits on the group members request vs the list users request still exists.

And If you can describe the business logic behind everyone group exists on all Okta instances it will help me to design my application which integrate okta using rest api’s.

The Everyone group exists by default to simplify the way you configure Okta. For example:

  1. If you assign an application to Everyone, all new users will be automatically assigned to the app.
  2. If you assign a password policy to Everyone, all users will comply with the policy.
  3. If you require multi-factor authentication to Everyone, all users will need to login with a second factor.

Without the Everyone group, you would need to touch your config every time a new user is created in your system (assign the new user to the apps, password policies, mfa, etc…).

I hope this helps. :slight_smile: