You can list identities with only state = active in Ory Kratos using either the CLI command or the API. ### Using the API When using the Ory Identities API, you can filter identities by their state using the

active

query parameter when calling the

listIdentities

endpoint:

GET /admin/identities?active=true

This will return only identities with state = active. ### Using the SDK You can also use the SDK to list active identities:

typescript import { Configuration, IdentityApi } from "@ory/client"  const identity = new IdentityApi(   new Configuration({     basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`,     accessToken: `${process.env.ORY_ACCESS_TOKEN}`,   }), )  export async function listActiveIdentities(   pageToken?: string,   pageSize?: number, ) {   return await identity.listIdentities({     active: true, // Filter for active identities     pageToken: pageToken,     pageSize: pageSize,   }) }

### Using the CLI For the CLI, you can use the

kratos identities list

command, though the documentation doesn't explicitly mention a state filter option for the CLI command [Kratos identities list](https://www.ory.sh/docs/kratos/cli/kratos-identities-list#kratos-identities-list). You would need to list all identities and then filter the results client-side. Remember that when using the API or SDK, you need proper authorization with an API key as described in the [Authorization with API Keys documentation](https://www.ory.sh/docs/concepts/personal-access-token).

@chilly-king-10285 I used GET /admin/identities?active=true but it did not work, it returned all inactive and active identities

I apologize for the confusion. You're right that the

active

query parameter doesn't work as I previously suggested for the

/admin/identities

endpoint. Looking more closely at the documentation, the correct way to filter identities by state is to use the

credentials_identifier

parameter with the state value. However, the documentation also notes that "filters cannot be combined" for the listIdentities endpoint. Instead, you can use the following approaches: 1. List all identities and filter client-side: Retrieve all identities and then filter them by state in your application code. 2. Use the SDK with proper filtering:

typescript    import { Configuration, IdentityApi } from "@ory/client"     const identity = new IdentityApi(      new Configuration({        basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`,        accessToken: process.env.ORY_API_KEY,      }),    )     // Get all identities and filter client-side    const response = await identity.listIdentities({})    const activeIdentities = response.data.filter(identity => identity.state === "active")

3. Change identity state using the SDK: If you need to manage identity states, you can use the SDK to activate or deactivate identities as shown in the [Identity state documentation](https://www.ory.sh/docs/identities/model/activate-deactivate-user-login-state):

typescript    import { Configuration, IdentityApi } from "@ory/client"    import { JsonPatchOpEnum } from "@ory/client/api"        const identity = new IdentityApi(      new Configuration({        basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`,        accessToken: process.env.ORY_API_KEY,      }),    )        export async function setState(      identityId: string,      state: "active" | "inactive",    ) {      return await identity        .patchIdentity({          id: identityId,          jsonPatch: [            {              op: JsonPatchOpEnum.Replace,              value: state,              path: "/state",            },          ],        })        .then(({ data }) => data)    }

Unfortunately, the API doesn't appear to support direct filtering of identities by state in the query parameters as I initially suggested. You'll need to retrieve all identities and filter them in your application code.