Organization administrators

Organization administrators (org admins) have org-wide permissions for most user management and policy settings. While org admin permissions are frequently combined with the app admin permissions to set up social authentication, we recommend combining them with a custom role for more granular access control.

Org admin restrictions

Org admins have many of the same permissions as super admins, with a few exceptions. Org admins can't perform the following actions:

  • Manage other admins
  • Manage applications
  • Manage authorization servers
  • Manage profile mappings
  • Manage hooks
  • Manage Okta Mobile
  • Create OIDC apps
  • Enable MFA
  • Enable self service registration
    • Deprecation notice: This feature is being deprecated from the Okta Classic Engine. The functionality will be removed in a future release. For questions or concerns, contact your Customer Success Manager (CSM) or Okta Support.

  • Enable Early Access and beta features

Related topics

Standard administrator roles and permissions

Use standard roles