Admin role assignments report

The Admin role assignments report shows the admin roles, apps, and resource sets that are assigned to the admins in your org. You can run the report for all admins, individual admins, or groups.

Prerequisites

  • Ensure that you’re signed in as a super admin.
  • If you have the Manage third-party admins checkbox enabled in your org on the SettingsAccount page, the report includes a Third-party admin column.

Parameters

You can filter the Admin role assignments report with any of the following parameters:

  • Admins
  • Roles
  • Resource sets

Procedure

There are two ways that you can access the Admin role assignments report:

From the Reports page

  1. In the Admin Console, go to ReportsReportsAdministrator reports.
  2. Click Admin role assignment report.

From the Administrators page

  1. In the Admin Console, go to SecurityAdministrators.

  2. Go to the Overview tab.
  3. Click Create report. The Admin role assignment report page opens.

Get the report

  1. Select your options for Admin, Role, and/or Resource set components on the Admin role assignment report page.

    Component

    Options

    Description

    Admin

    All admins The report includes all users that have admin roles assigned, both individually and through group membership.
    Specific admins (users or groups) Enter the name of the users and groups that you want to include in the report.
    Individually assigned admins The report includes users who get their admin role assignments through individual assignments.
    Group assigned roles The report includes users who get their admin role assignments through group membership.

    Role

    All roles The report includes all roles. Permissions within the roles are also included for custom admin roles.
    Specific roles Enter the names of the roles that you want to include in the report.
    Individual permissions Enter the individual permissions that you want to include in the report.

    Resource set

    All resources The report includes all resources and resource sets.
    Specific resource sets Enter the names of the resource sets that you want to include in the report.
    Individual resources Select the resource type and enter the names of resources that you want to include in the report.
    Note.

    You can also click Request report without selecting any options. This gives you an overall report for your org.

  2. Click Request report.

The reports are delivered by email to the email address associated with your account.

Report output

The Admin role assignments report output includes the following fields:

Field
Description
Resource set

Displays the resource set name. This field is blank for standard roles that have access to all of the org's resources.

Contained resource

Displays the resources that are included in the assigned resource set.

Role

Displays the role name.

Contained permission Indicates if the admin role is standard or custom. For custom roles, this field displays all of the included permissions.
Permissions constrained with conditions Indicates if the admin role has Permission conditions.
Admin Displays the admin's first and last name.
Login Displays the email address (username) that the admin uses to sign in to Okta.
Email Displays the admin's primary email address.
Last login Displays the date and time of the admin's most recent sign-in attempt. The field is blank if the admin has never signed in to Admin Console.
Is third party admin Indicates if the admin has the third-party admin status.
Role assigned to Indicates if the role was assigned to the admin individually or through a group. For group assignments, the group name appears.
Expires in If the role is granted through an access request, this field displays the expiration date. See Govern Okta admin roles.

Early Access release. See Enable self-service features.

Bundle name If the role was granted through an access request, this field displays the admin role bundle name. See Govern Okta admin roles.

Early Access release. See Enable self-service features.

Admin role names

Some admin role names appear differently in the report output and in Okta.

Role name in Okta
Role name in the report
Super administrator SuperOrgAdmin
Organization administrator OrgAdmin
Application administrator AppAdmin
Group administrator GroupAdmin
Group membership administrator GroupMember
Help desk administrator HelpDeskAdmin
Report administrator ReportAdmin
Read-only administrator ReadOnlyAdmin
API Access Management administrator ApiAccessManagementAdmin
Mobile administrator MobileAdmin