Get started with Okta Aerial

With Okta Aerial, you can efficiently manage multiple orgs from a single, centralized account.

Key terms

Term	Description
Aerial account	The management layer around multiple orgs within Okta. The Aerial account lives outside of your orgs and can manage any production or preview org linked to the Aerial account. Each Aerial account has a dedicated Aerial org.
Aerial org	Used to add Aerial owners and to create app sign-in policies for the Aerial Console. It's also used to register API clients and acts as an authorized server for all API calls that are made in the associated Aerial account. The Aerial org contains all System Log events that are associated with Okta Aerial actions.
Aerial Console	Used to view and manage orgs. You can access the Aerial Console from your Aerial org.
Associated org	All Production and Preview orgs that are related to your Okta contract. The list of associated orgs is displayed in the Okta Aerial Console.
Managed org	An org that's managed by Okta Aerial. A super admin must grant consent in the Admin Console or through the Aerial consent API, and an Aerial owner must add the org to Aerial for the org to be managed. See Add managed orgs.
Aerial owner	An admin with super admin privileges in your Aerial org.
Aerial member	A user with read-only access to the Aerial Console. They can request access to sign in to managed orgs. See Aerial members.

Before you begin

Ensure that you meet these requirements:

You have an active Okta Aerial account.
You have super admin privileges for your Aerial org.

Sign in to Aerial org

Each Aerial account has a dedicated Aerial org. This org is separate from your other Okta orgs and is where you can access the Aerial Console. Sign in to your Aerial org's Admin Console to manage users and app sign-in policies.

Create an app sign-in policy

Multifactor authentication is required to access the Aerial Console.

See App sign-in policies.

Set up Aerial users

You can add users so they can access the Aerial Console.