Organization administrators

Organization administrators (org admins) have org-wide permissions for most user management and policy settings. While org admin permissions are frequently combined with the app admin permissions to set up social authentication, we recommend combining them with a custom role for more granular access control.

Org admin restrictions

Org admins have many of the same permissions as super admins, with a few exceptions. Org admins can't perform the following actions:

  • Grant access to Okta Support
  • Add, remove, and view administrators
  • Manage applications
  • Manage authorization servers
  • Manage profile mappings
  • Manage hooks
  • Manage Okta Mobile
  • Create OIDC apps
  • Enable MFA for the Admin Console
  • Enable self service registration
    • Deprecation notice: This feature is being deprecated from the Okta Classic Engine. The functionality will be removed in a future release. For questions or concerns, contact your Customer Success Manager (CSM) or Okta Support.

  • Enable Early Access and beta features

For a complete view of all of the permissions that are granted and excluded from this role, see Standard administrator roles and permissions.

Related topics

Standard administrator roles and permissions

Use standard roles