diff --git a/pro/idp/azure/azure.go b/pro/idp/azure/azure.go
index 03e8c737..5a01f36d 100644
--- a/pro/idp/azure/azure.go
+++ b/pro/idp/azure/azure.go
@@ -168,7 +168,7 @@ func buildPrefixFilter(field string, prefixes []string) string {
 		return fmt.Sprintf("$filter=startswith(%s,'%s')", field, prefixes[0])
 	}
 
-	return buildPrefixFilter(field, prefixes[1:]) + fmt.Sprintf("%%20or%%20startswith(%s,'%s')", field, prefixes[0])
+	return buildPrefixFilter(field, prefixes[:1]) + "%20or%20" + buildPrefixFilter(field, prefixes[1:])
 }
 
 type getUsersResponse struct {
diff --git a/pro/idp/google/google.go b/pro/idp/google/google.go
index 96d2ae63..c117cc63 100644
--- a/pro/idp/google/google.go
+++ b/pro/idp/google/google.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"strings"
 
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/pro/idp"
@@ -67,6 +68,21 @@ func (g *Client) GetUsers(filters []string) ([]idp.User, error) {
 		Fields("users(id,primaryEmail,name,suspended,archived)", "nextPageToken").
 		Pages(context.TODO(), func(users *admindir.Users) error {
 			for _, user := range users.Users {
+				var keep bool
+				if len(filters) > 0 {
+					for _, filter := range filters {
+						if strings.HasPrefix(user.PrimaryEmail, filter) {
+							keep = true
+						}
+					}
+				} else {
+					keep = true
+				}
+
+				if !keep {
+					continue
+				}
+
 				retval = append(retval, idp.User{
 					ID:              user.Id,
 					Username:        user.PrimaryEmail,
@@ -89,6 +105,21 @@ func (g *Client) GetGroups(filters []string) ([]idp.Group, error) {
 		Fields("groups(id,name)", "nextPageToken").
 		Pages(context.TODO(), func(groups *admindir.Groups) error {
 			for _, group := range groups.Groups {
+				var keep bool
+				if len(filters) > 0 {
+					for _, filter := range filters {
+						if strings.HasPrefix(group.Name, filter) {
+							keep = true
+						}
+					}
+				} else {
+					keep = true
+				}
+
+				if !keep {
+					continue
+				}
+
 				var retvalMembers []string
 				err := g.service.Members.List(group.Id).
 					Fields("members(id)", "nextPageToken").
diff --git a/pro/idp/okta/okta.go b/pro/idp/okta/okta.go
index 449844e2..f76f2cdd 100644
--- a/pro/idp/okta/okta.go
+++ b/pro/idp/okta/okta.go
@@ -48,7 +48,9 @@ func (o *Client) GetUsers(filters []string) ([]idp.User, error) {
 	var allUsersFetched bool
 
 	for !allUsersFetched {
-		users, resp, err := o.client.UserAPI.ListUsers(context.TODO()).Execute()
+		users, resp, err := o.client.UserAPI.ListUsers(context.TODO()).
+			Search(buildPrefixFilter("profile.login", filters)).
+			Execute()
 		if err != nil {
 			return nil, err
 		}
@@ -87,7 +89,9 @@ func (o *Client) GetGroups(filters []string) ([]idp.Group, error) {
 	var allGroupsFetched bool
 
 	for !allGroupsFetched {
-		groups, resp, err := o.client.GroupAPI.ListGroups(context.TODO()).Execute()
+		groups, resp, err := o.client.GroupAPI.ListGroups(context.TODO()).
+			Search(buildPrefixFilter("profile.name", filters)).
+			Execute()
 		if err != nil {
 			return nil, err
 		}
@@ -123,3 +127,15 @@ func (o *Client) GetGroups(filters []string) ([]idp.Group, error) {
 
 	return retval, nil
 }
+
+func buildPrefixFilter(field string, prefixes []string) string {
+	if len(prefixes) == 0 {
+		return ""
+	}
+
+	if len(prefixes) == 1 {
+		return fmt.Sprintf("%s sw \"%s\"", field, prefixes[0])
+	}
+
+	return buildPrefixFilter(field, prefixes[:1]) + " or " + buildPrefixFilter(field, prefixes[1:])
+}