Organization administrators

Organization administrators (org admins) have org-wide permissions for most user management and policy settings. While org admin permissions are frequently combined with the app admin permissions to set up social authentication, we recommend combining them with a custom role for more granular access control.

Org admin restrictions

Org admins have many of the same permissions as super admins, with a few exceptions. Org admins can't perform the following actions:

  • Manage other admins
  • Manage applications
  • Manage authorization servers
  • Manage profile mappings
  • Manage hooks
  • Manage Okta Mobile
  • Create OIDC apps
  • Enable MFA
  • Enable self service registration
  • Enable Early Access and beta features

Related topics

Standard administrator roles and permissions

Use standard roles