Skip to main contentSkip to docs navigation
Docs
  • English (United States)
  • 日本語 (日本)
  • Français (France)
    • Identity Engine
    • Classic Engine
    • Access Gateway
    • Advanced Server Access
    • Aerial
    • Identity Security Posture Management
    • Workflows
    • Identity Engine
    • Classic Engine
    • Access Gateway
    • Advanced Server Access
    • Aerial
    • Identity Security Posture Management
    • Workflows
  • Okta Developer
    • Auth0 Docs
    • Auth0 FGA Docs
  • Training
  • Support
    • English (United States)
    • 日本語 (日本)
    • Français (France)

Feedback
Classic Engine publication
  • Okta Documentation
  • Okta Classic Engine
  • Release notes
    • Production
    • Preview
    • Early Access
    • Okta Mobile
      • Android
      • iOS
    • Okta Verify release notes
      • Okta Verify for Android
      • Okta Verify for iOS
    • Identity Governance
    • Okta Privileged Access
      • Device tools
      • Platform
    • Archive
      • 2026
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
      • 2019
      • 2018
      • 2017
  • Monitoring and reports
    • Administrator Dashboard
      • View your org at a glance
      • View your org agents' status
      • View Okta service status
      • Monitor your tasks
      • Monitor your org's security
      • Monitor your SSO apps
      • Admin Console search
    • Reports
      • Entitlements and access
        • Group membership
        • User accounts
        • User app access
      • Application usage
      • Okta password health
      • SAML capable apps
      • Application access
      • MFA activity
      • MFA usage
      • MFA enrollment by user
      • Suspicious activity
      • Deprovision details
      • Rate limits
      • Admin role assignments
      • Telephony usage
      • Deprecated reports
        • Current Assignments report
        • Recent Unassignments report
        • App Password Health report
    • Run reports
    • Receive reports by email
    • System Log
      • System Log filters and search
      • Common System Log filters
    • Log streaming
      • Add an AWS EventBridge log stream
      • Add a Splunk Cloud log stream
      • Edit the status of your log stream
  • Directory integrations
    • Active Directory integration
      • Get started with Active Directory integration
        • Typical workflow for integrating Active Directory
        • Active Directory integration prerequisites
        • Active Directory integration considerations and limits
        • Okta service account permissions
        • Supported Active Directory integration features
        • Active Directory integration implementation options
        • Plan for high availability and disaster recovery
        • Integration with existing Active Directory forests and domains
        • Prepare Active Directory for the integration
        • Import considerations
        • Supported attribute syntaxes
      • Manage your Active Directory integration
        • Install the Okta Active Directory agent
        • Configure Active Directory import and account settings
        • Configure Active Directory provisioning settings
        • Install multiple Okta Active Directory agents
        • Update the Okta Active Directory agent
        • Uninstall Okta Active Directory agent
        • Locate the Okta AD Agent log
        • Change the Okta Active Directory agent user
        • Change the number of Okta Active Directory agent threads
        • Okta Active Directory agent variable definitions
        • Configure DMZ server ports for Active Directory integrations
        • Register multiple domains to an Okta Active Directory agent
        • Make Active Directory the Profile Source
        • Rename an Active Directory domain
        • Delegated authentication with Active Directory
        • Enable delegated authentication for Active Directory
        • Check AD DirSync readiness
        • Enable imports with DirSync
      • Manage Active Directory users and groups
        • Import Active Directory users on demand
        • Schedule Active Directory user imports
        • Add and update users with Active Directory Just-In-Time provisioning
        • Make names optional in Active Directory
        • Confirm imported Active Directory user assignments
        • Import groups from Active Directory
        • Push groups from Okta to Active Directory
        • Enable universal security group support
        • Configure enhanced group push for Active Directory organizational units
        • Enable Okta-sourced user Organizational Unit updates
        • View users and groups associated with an Active Directory instance
        • Remove a group from Active Directory provisioning
        • Exclude AD username updates during provisioning
        • Disconnect users from Active Directory
        • Bidirectional Group Management with Active Directory
          • Access governance for AD groups
      • Work with Active Directory attributes
        • Base Active Directory attributes
        • Active Directory attribute mappings to Okta properties
        • Exclude Active Directory username updates during provisioning
      • Active Directory Desktop Single Sign-on
        • Desktop Single Sign-on prerequisites
        • Active Directory Desktop Single Sign-On known issues
        • About Active Directory Desktop Single Sign-on and Just-In-Time provisioning
        • Identify your Desktop Single Sign-On type
        • Configure agentless Desktop Single Sign-on
          • About the agentless Desktop Single Sign-on workflow
          • About agentless Desktop Single Sign-on failover
          • Create a service account and configure a Service Principal Name
          • Configure browsers for Windows agentless Desktop Single Sign-on
          • Configure browsers for Mac agentless Desktop Single Sign-on
          • Enable agentless Desktop Single Sign-on
          • Update the default Desktop Single Sign-on Identity Provider routing rule
          • Validate the agentless Desktop Single Sign-on configuration
          • Test the agentless Desktop Single Sign-on configuration
        • Migrate your agentless Desktop Single Sign-on configuration
          • Set the service principal name
          • Configure browsers for single sign-on on Windows
          • Test the Desktop Single Sign-on settings
        • Install and configure the Okta IWA Web agent for Desktop Single Sign-on
          • Migrate from Integrated Windows Authentication to agentless Desktop Single Sign-on
          • Learn about the Okta IWA Web agent
          • Okta IWA Web agent installation prerequisites
          • Install the Okta IWA Web agent
          • Configure Windows browsers for SSO
          • Configure Mac browsers for SSO
          • Activate the Okta IWA Web agent
          • Configure SSL for the Okta IWA Web agent
          • Configure routing rules for the Okta IWA Web agent
          • Test the Okta IWA Web agent
          • Test Okta IWA Web agent Desktop Single Sign-on
          • View the Okta IWA Web agent status
          • Customize the Active Directory DSSO sign-out page
          • Configure failover for the Okta IWA Web agent
          • Configure the Okta IWA Web agent Universal Principal Name
          • Change the Okta IWA Web agent timeout period
          • Disable Okta IWA Web agent authentication for specific clients
          • Install the Okta IWA Web agent on a virtual machine
        • Desktop Single Sign-on FAQ
        • Desktop Single Sign-on troubleshooting
      • Manage passwords
        • Synchronize passwords
          • Password synchronization use cases
          • Synchronize passwords from Okta to Active Directory
          • Synchronize passwords from Active Directory to Okta
          • Application password synchronization
          • Use Okta API to expire user passwords
          • Troubleshoot password synchronization
      • Automatically update Okta Active Directory agents
        • View Okta Active Directory (AD) agent status information
        • Auto-update a single agent on demand
        • Auto-update multiple agents on demand
        • Retry an on-demand agent auto-update
        • Cancel an on-demand agent auto-update
        • Schedule agent auto-updates
        • Turn an agent auto-update schedule on or off
        • Delete an agent auto-update schedule
        • Define the behavior for failed agent auto-updates
        • Unsubscribe from agent auto-update email notifications
        • Download the latest agent version
      • Active Directory integration FAQ
    • LDAP integration
      • Get started with LDAP integration
        • LDAP integration prerequisites
        • LDAP integration known issues
        • LDAP integration limits
        • LDAP integration features
        • Supported LDAP directories
        • LDAP incremental import support
      • Manage your LDAP integration
        • Install the Okta LDAP Agent
        • Configure LDAP integration settings
        • Configure Okta to LDAP provisioning settings
        • Configure LDAP to Okta provisioning settings
        • Modify LDAP integration settings
        • Enable LDAP over SSL
        • Map Okta user profile attributes to LDAP attributes
        • Verify the Okta LDAP agent download
        • Configure incremental imports for AD LDS
        • Reconfigure an Okta LDAP Agent
        • LDAP configuration parameters
        • Change the number of Okta LDAP agent threads
        • Add or remove custom LDAP attributes
        • Locate the Okta LDAP agent log
        • Manage the Okta LDAP Agent
        • Uninstall or reinstall the Okta LDAP Agent
      • Configure supported LDAP directory services
        • AD LDS LDAP integration reference
        • eDirectory LDAP integration reference
        • IBM LDAP integration reference
        • OpenDJ LDAP integration reference
        • Oracle Internet Directory LDAP integration reference
        • OpenLDAP integration reference
        • Oracle Directory Server Enterprise Edition LDAP integration reference
        • Oracle Unified Directory LDAP integration reference
        • Sun ONE Application Server LDAP integration reference
      • Set up and manage the LDAP Interface
        • LDAP Interface known limitations
        • LDAP Interface connection settings
        • Enable the LDAP interface
        • Expose app groups in the LDAP interface directory information tree
        • Use multifactor authentication with the LDAP Interface
        • LDAP interface pagination control
        • LDAP interface troubleshooting
      • Bidirectional Group Management with LDAP
      • Automatically update Okta LDAP agents
        • View LDAP agent status information
        • Auto-update a single agent on demand
        • Auto-update multiple agents on demand
        • Retry an on-demand agent auto-update
        • Cancel an on-demand agent auto-update
        • Schedule agent auto-updates
        • Turn an agent auto-update schedule on or off
        • Delete an agent auto-update schedule
        • Define the behavior for failed agent auto-updates
        • Unsubscribe from agent auto-update email notifications
        • Download the latest agent version
      • LDAP integration troubleshooting
    • CSV directory integration
      • Get started with CSV directory integration
        • CSV directory integration prerequisites
        • Typical workflow for integrating CSV directories
      • Manage your CSV directory integration
        • Download and install the Okta Provisioning agent
        • Configure the CSV directory integration settings
        • Configure the CSV directory integration profile attributes
        • Configure the CSV directory integration import settings
        • Test the CSV directory integration
  • User management
    • Manage users
      • Add users manually
      • Add and update users with Just-In-Time provisioning
      • Use Anything-as-a-Source
      • Import users
        • View the Import Monitoring dashboard
        • Import users from an app
        • Edit app provisioning settings
        • Clear unconfirmed users
        • Import users from a CSV file
        • Assign users to apps using a CSV file
        • Match imported user attributes
        • Import safeguards
        • Enable or disable import safeguards
        • Change threshold for import safeguard
        • Resolve import safeguard warnings on the Import Monitoring dashboard
      • Manage self-service registration settings
        • About self-service registration
        • Enable and configure a self-service registration policy
        • Disable the security image and security questions
      • Activate user accounts
      • Deactivate and delete user accounts
      • Edit deactivated user profiles
      • End Privileged Access
      • Assign applications to users
      • Search for application users
      • Unassign users from applications
      • Unlock an individual user account
      • Unlock multiple user accounts
      • Suspend and unsuspend users
      • Reset a user password
      • Reset multiple user passwords
      • Revoke all user sessions
      • Manage self-service password reset
        • Group password policies
        • Create a self-service password reset policy for your org
        • Add self-service password reset to an existing password policy
        • Configure voice call for self-service password resets
        • Configure SMS for self-service password resets
        • Enable Active Directory delegated authentication
        • Self-service password reset scenarios
      • Manage password expiry
        • Expire all user passwords
        • Expire a user's password on the Okta Admin Console
        • Expire a user password using the Okta API
      • Revoke a user's certificate from the Okta Certificate Authority
      • User account status
    • Manage groups
      • Groups
      • Okta group source types
      • Create a group
      • About group duplication in Microsoft Office 365
      • View group members
      • Manually assign people to a group
      • Bulk assign people to a group
      • Remove people from a group
      • Enable group import from provisioning-enabled apps
      • Review group imports
      • View and edit Okta group attributes
      • Remove groups imported from provisioning-enabled apps
      • Assign a single app to groups
      • Assign multiple apps to a group
      • Manage group prioritization
        • Prioritize application groups
        • Assign attribute group priority
        • Group prioritization use case
      • Manage group rules
        • Group rules
        • Group rules best practices
        • Manual group user management
        • Create group rules
        • Verify group membership changes
        • Edit group rules
      • Manage Group Push
        • Group Push
        • Group Push prerequisites
        • Enable Group Push
        • Group Push operations
        • App assignments and Group Push
        • Troubleshooting Group Push
      • Manage Group Linking
        • Configure Group Linking
        • Configure Group Linking to delete application groups
    • Manage profiles
      • Profile types
      • Attribute mappings
      • Expressions
      • About rich SAML assertions and WS-Federation claims
      • Work with profiles and attributes
        • View the Okta default user profile
        • View the Okta default group profile
        • Make the user profile first and last name optional
        • Create a custom character restriction for the Okta username
        • Add custom attributes to an Okta user profile
        • Add custom attributes to a default Okta group profile
        • Add custom attributes to apps, directories, and identity providers
        • Edit Okta default group profile custom attributes
        • Delete custom attributes from a user profile
        • Remove custom attributes from a default Okta group profile
        • Delete custom app, directory, and identity provider attributes
        • Enforce uniqueness of custom attributes
        • Enforce custom attribute uniqueness
        • Add or remove custom directory schema attributes
        • Review reserved attributes
        • Profile Push
        • View existing application attribute mapping
        • Map Okta attributes to app attributes in the Profile Editor
        • Map app attributes on the Provisioning page
        • Edit application attribute mapping
        • Modify attributes with expressions
        • Override a user name format
        • Override an app username
        • Override application attribute mapping
        • Remove mapping
        • Automatically update an app username
      • Work with Universal Directory user types
        • Custom user types in Universal Directory
        • Universal Directory custom user types known issues
        • Create a custom user type
        • Map a user type to an application
        • Create a user and assign a user type
        • Change the user type
        • Delete a user type
      • Manage profile and attribute sourcing
        • Profile sourcing
        • Designate profile sources for user attributes
        • Prioritize profile sources
        • Make an app the profile source
        • Define the attribute profile source
        • Map profile attributes
        • Edit user attributes
        • Allow users to edit attributes
    • Manage realms
      • Requirements and limitations
      • Get started with realms
      • Create realms
      • Delegate realm management
      • Manage realm users
      • Realm assignments
      • Realms with Okta Identity Governance
      • Use Workflows to manage realms
    • Manage service accounts
      • Alternative options to service accounts
      • Set up the Okta Privileged Access app
      • Manage a SaaS app service account
      • Manage an Okta user account as a service account
  • App integrations
    • Get started with app integrations
    • Learn about app integrations
      • Single Sign-On
      • OIDC app integrations
      • SAML app integrations
      • WS-Fed app integrations
      • SWA app integrations
      • SCIM app integrations
      • CASB configuration guide
    • Add app integrations
      • Add existing app integrations
      • Create custom app integrations
        • Create OpenID Connect app integrations
          • Manage secrets and keys for OIDC app client authentication
          • Encrypt OIDC ID tokens for app integrations
        • Create SAML app integrations
          • AIW SAML field reference
          • Define attribute statements
          • Define group attribute statements
          • Manage signing certificates
        • Configure custom claims for app integrations
          • Generate entitlement claims using the legacy configuration
        • Create SWA app integrations
        • Create SCIM app integrations with entitlement management
        • Add SCIM provisioning to app integrations
      • Configure Single Sign-On options
      • Configure settings for app integrations
      • Configure profile attributes for OIDC apps
      • Self Service for app integrations
        • Workflow to configure Self Service request feature
        • Enable self-service access to apps
        • Configure a Self Service approval workflow
        • Add app integrations as an end user
        • Handle app integration requests
      • Configure the Okta Template App and Okta Plugin Template App
      • Create a Bookmark App integration
      • Simulate an IdP-initiated flow with the Bookmark App
      • Configure Single Logout in app integrations
      • Configure Universal Logout
      • Mapping Active Directory, LDAP, and Workday Values in a SAML template
    • Integration guides
      • 1Password Enterprise Password Manager
        • Integrate 1Password Enterprise Password Manager with Okta
        • Configure Okta SSO in 1Password Enterprise Password Manager
        • Manage user assignments and grace periods
        • Integrate 1Password Enterprise Password Manager with Okta for SSO Unlock
        • Verify SP-inititated SSO
      • Advent Black Diamond
        • Advent Black Diamond supported features
        • Configure Advent Black Diamond provisioning with Okta
      • Amazon Web Services Account Federation
        • Learn about Amazon Web Services integration
        • Connect Okta to a single Amazon Web Services instance
          • Configure Okta as the AWS account identity provider
          • Add Okta as a trusted source for AWS roles
          • Generate the AWS API access key
          • Configure the Amazon Web Services Account Federation app in Okta
        • Connect Okta to multiple Amazon Web Services instances
          • Integrate multiple AWS instances
          • AWS user and group access management
          • Configure AWS accounts and roles for SAML SSO
          • Create AWS role groups in an external directory
          • Create management groups to map users to AWS accounts and roles
          • Import AWS role and management groups into Okta
          • Enable group-based role mapping in Okta
          • Assign AWS management groups to the Okta AWS app
      • Artifactory
        • Artifactory supported features
        • Integrate Artifactory with Okta
      • Atlassian
      • Axway Amplify
        • Axway Amplify supported features
        • Integrate Axway Amplify with Okta
      • BambooHR
        • BambooHR supported features
        • BambooHR integration known issues
        • Integrate BambooHR with Okta
      • BMC Remedyforce
        • BMC Remedyforce supported features
        • Configure BMC Remedyforce provisioning with Okta
      • Box
        • Box supported features
        • Manage your Box integration
          • Integrate Box with Okta
          • Add attributes to a Box profile
          • Add existing Box groups to Okta
          • Assign Box to Okta groups and configure group push
          • Configure SAML group push for Box
      • Confluence On-Premises
      • Coupa
        • Coupa supported features
        • Integrate Coupa with Okta
      • CrowdStrike
        • CrowdStrike supported features
        • Integrate CrowdStrike with Okta
      • DocuSign
        • DocuSign supported features
        • Integrate DocuSign with Okta
      • Dropbox Business
        • Dropbox Business integration prerequisites
        • Dropbox Business integration known issues
        • Silently provision Dropbox Business
        • Dropbox Business supported features
        • Integrate Dropbox Business with Okta
      • FleetDM
        • FleetDM supported features
        • Configure FleeDM provisioning with Okta
      • Google Workspace
        • Troubleshooting
        • Manage Google Workspace users
        • Google email alias support
      • HashiCorp Cloud Platform
        • HashiCorp Cloud Platform supported features
        • Integrate HashiCorp Cloud with Okta
      • HashiCorp Vault
        • Integrate HashiCorp Vault with Okta
        • Configure the OIDC authentication method
        • Configure groups and policies
        • Test the integration
      • Informatica Cloud
        • Informatica Cloud supported features
        • Integrate Informatica Cloud with Okta
      • Jamf Pro Admin Console
        • Jamf Pro Admin Console supported features
        • Integrate Jamf Pro Admin Console with Okta
      • Jamf Pro User Enrollment
        • Jamf Pro User Enrollment supported features
        • Integrate Jamf Pro User Enrollment with Okta
      • JumpCloud
        • Integrate JumpCloud with Okta
        • Configure IdP for JumpCloud
        • Verify SP-initiated Single Sign-On (SSO)
      • Lucid
        • Lucid supported features
        • Integrate Lucid with Okta
      • Meta Work Accounts
      • Microsoft Entra ID and Office 365
        • Microsoft Entra ID Microsoft Entra ID
          • Integrate Microsoft Entra ID using SAML
            • About Microsoft Entra ID SAML integration
            • Create the Okta enterprise app in Microsoft Entra ID
            • Make Microsoft Entra ID an Identity Provider
            • Map Microsoft Entra ID attributes to Okta attributes
            • Test the Microsoft Entra ID integration
          • Integrate Hybrid Microsoft Entra ID Join
            • About Hybrid Microsoft Entra ID devices
            • Prerequisites for integrating Microsoft Entra ID join
            • Configure Office 365 sign-on rules to allow on-prem and cloud access
            • Configure Hybrid Join in Microsoft Entra ID
            • Hybrid Microsoft Entra ID integration FAQs
        • Microsoft Office 365
          • Deploy Office 365
            • Add Office 365 to Okta
            • Configure Single Sign-On for Office 365
            • Provision users to Office 365
            • Import users to Office 365 using Microsoft Graph API
            • Assign Office 365 to users and groups
            • Secure Office 365 using app sign-on policies
          • Office 365 sign on policies
            • About Office 365 sign on policies
            • Best security practices for Office 365 sign on policies
            • Office 365 sign-on rules options
            • Office 365 default sign-on rules
            • Create Office 365 sign-on rules
          • Office 365 provisioning and deprovisioning
            • Enable deprovisioning in Office 365
            • Add custom attributes
            • Map custom attributes
            • Skip importing groups during Office 365 user provisioning
            • Provisioning options for Office 365
            • Deprovisioning options for Office 365
            • Manage Office 365 licenses and roles
            • Supported user profile attributes for Office 365 provisioning
            • Supported user profile attributes for Office 365 import
          • Advanced integration topics for Office 365
            • Allow or deny custom clients in Office 365 sign-on policy
            • Provide Microsoft admin consent for Okta
            • Office 365 Silent Activation: New Implementations
            • Office 365 Silent Activation: Old Implementations
            • Migrate registry-key-based Office 365 Silent Activation to new configuration
            • Use Okta MFA for Microsoft Entra ID (formerly Azure Active Directory)
            • Federate multiple Office 365 domains in a single app instance
            • Okta support for hybrid Microsoft Entra ID joined devices
            • Get started with Office 365 provisioning and deprovisioning
            • Enable Microsoft Office 365 applications
            • Move Microsoft Office 365 from Secure Web Authentication to WS-Federation
            • Configure Office 365 GCC Tenant
            • Configure the Okta Template WS Federation Application
            • Configure WS-Federation for Office 365
            • Group linking for Microsoft Office 365
          • Office 365 FAQs
      • Microsoft SharePoint (On-Premises)
        • Typical deployment workflow for SharePoint (On-Premises)
          • Deployment Scenarios
          • Add SharePoint (On-Premises) in Okta
          • Configure Okta as a claims provider in SharePoint (On-Premises)
          • Configure Okta SharePoint People Picker agent
          • Deploy Okta People Picker for SharePoint agent
          • Uninstall Okta People Picker and Okta authentication
          • Troubleshooting: Microsoft SharePoint (On-Premises)
          • Microsoft SharePoint (On-Premises) FAQs
      • Mimecast Personal Portal V3
        • Mimecast Personal Portal V3 supported features
        • Integrate Mimecast Personal Portal V3 with Okta
      • MuleSoft Anypoint Platform
        • Create an OIDC integration
          • Integrate MuleSoft Anypoint Platform with Okta
          • Configure IdP for MuleSoft Anypoint Platform
          • Configure the Redirect URI in Okta
          • Test the integration
        • Create a SCIM integration
          • MuleSoft Anypoint Platform supported features
          • Integrate MuleSoft Anypoint Platform provisioning with Okta
      • Okta Org2Org
        • Okta Org2Org supported features
        • Integrate Okta Org2Org with Okta
      • Okta Identity Security Posture Management (ISPM)
      • OneLogin
        • Create an OneLogin OIDC integration
          • Integrate OneLogin with Okta
          • Configure Okta SSO in OneLogin
          • Configure Just-In-Time provisioning in OneLogin
          • Verify SP-initiated Single Sign-On (SSO)
        • Create an OneLogin SCIM integration
          • OneLogin supported features
          • Configure OneLogin provisioning with Okta
      • Oracle Human Capital Management
        • Oracle Human Capital Management supported features
        • Enable Oracle Human Capital Management provisioning
      • Oracle Identity Access Management
        • Oracle Identity Access Management supported features
        • Integrate Oracle Identity Access Management with Okta
      • PagerDuty
        • PagerDuty supported features
        • Integrate PagerDuty with Okta
      • Rally Software
        • Rally Software supported features
        • Integrate Rally Software with Okta
        • Add custom Rally Software attributes
      • RingCentral
        • RingCentral integration prerequisites
        • RingCentral supported features
        • Okta to RingCentral attribute mapping requirements
        • Manage your RingCentral integration
          • Integrate RingCentral with Okta
          • Enable RingCentral bidirectional attribute synchronization
          • Add custom RingCentral attributes
        • Troubleshoot RingCentral integrations
      • Salesforce
        • Salesforce supported features
        • Supported Salesforce custom attribute types
        • Manage your Salesforce integration
          • Enable Salesforce single sign-on
          • Enable Salesforce provisioning
          • Add attributes to a Salesforce profile
          • Configure OAuth and REST integration
          • Create a Salesforce Community integration
          • Create a Salesforce Portal integration
          • Create a Salesforce Government Cloud integration
      • SAP Analytics Cloud
        • SAP Analytics Cloud supported features
        • Integrate SAP Analytics Cloud with Okta
      • SAP Concur
        • SAP Concur supported features
        • Integrate SAP Concur with Okta
      • SAP SuccessFactors Employee Central
        • Learn about SAP SuccessFactors Employee Central integration
        • SAP SuccessFactors Employee Central integration prerequisites
        • SAP SuccessFactors Employee Central supported features
        • Learn about SAP SuccessFactors Employee Central data provisioning
        • Supported SAP SuccessFactors Employee Central entities and attributes
        • Manage your SAP SuccessFactors Employee Central integration
          • Integrate SAP SuccessFactors Employee Central with Okta
          • Set Time Zone Aware Pre-hires/Terminations
          • View the SAP SuccessFactors Employee Central Start Date attributes
      • SentinelOne
        • SentinelOne supported features
        • Enable SentinelOne provisioning
      • ServiceNow
        • ServiceNow (Eureka)
        • ServiceNow UD SSO migration guide
        • ServiceNow UD Provisioning migration guide
      • Slack
        • Slack integration prerequisites
        • Slack supported features
        • Supported Slack attributes
        • Integrate Slack with Okta
        • Troubleshoot Slack integrations
      • Splunk
        • Splunk Enterprise supported features
        • Enable Splunk Enterprise provisioning
      • Splunk Cloud
        • Splunk Cloud supported features
        • Configure Splunk Cloud provisioning with Okta
      • ThoughtSpot
        • Create ThoughtSpot OIDC integration
          • Integrate ThoughtSpot with Okta
          • Configure Okta IdP for ThoughtSpot
          • Verify SP-initiated Single Sign-On (SSO)
        • Create ThoughtSpot SCIM integration
          • ThoughtSpot supported features
          • Enable ThoughtSpot provisioning
      • Trend Micro
        • Trend Micro supported features
        • Integrate Trend Micro with Okta
      • Twilio
        • Twilio supported features
        • Integrate Twilio with Okta
      • UKG Pro
        • UKG Pro prerequisites and known issues
        • UKG Pro supported features
        • Create a UKG Pro report and report ID
        • Integrate UKG Pro with Okta
        • UltiPro template
      • Workato
        • Workato supported features
        • Integrate Workato with Okta
      • Workday
        • Workday incremental imports
        • Workday Real-Time Sync
        • Workday Email and Phone writeback
        • Configure Workday writeback for home and work contacts
        • Best practices and FAQ
        • Import with custom reports
      • Workplace by Facebook
      • Zendesk
        • Zendesk supported features
        • Zendesk considerations and limits
        • Integrate Zendesk with Okta
      • Zoho Mail
        • Zoho Mail supported features
        • Integrate Zoho Mail with Okta
      • Netskope Admin Console
        • Netskope Admin Console supported features
        • Integrate Netskope Admin Console with Okta
    • Access and customize app integrations
      • Assign app integrations
      • Manage app integration assignments
      • Manage Federation Broker Mode
        • Enable Federation Broker Mode
        • Disable Federation Broker Mode
        • Federation Broker Mode known limitations
      • Copy the embed link for an app integration
      • Redirect unauthenticated users to a custom login page
      • Redirect unassigned users to a custom error page
      • Convert app integrations from individually owned to group managed
      • Customize an app logo
      • Add notes to an app integration
      • Set up VPN notification
      • Reveal the password of an app integration
      • Pass Dynamic Authentication Context
      • Pass Device Context using Limited Access
    • Remove app integrations
      • Deactivate app integrations
      • Delete app integrations
    • Provision apps
      • Get started with provisioning
        • Provisioning
        • Lifecycle of a provisioned user
        • Add provisioned users
        • Workflow for deploying new provisioning app integrations
        • Workflow for adding provisioning to app integrations
        • On-premises provisioning
        • Workflow for deploying on-premises provisioning
      • Provision cloud applications
        • Search for an existing OIN app integration
        • Add an app integration to Okta
        • Create and configure a duplicate app instance
        • Configure provisioning for an app integration
        • Assign app integrations
      • Provision on-premises apps
        • On-premises provisioning and entitlements
        • Enable TLS 1.2
        • Install the Okta Provisioning Agent
        • Install the Okta On-prem SCIM Server agent
        • Agent configuration file
        • Okta On-prem Connector
          • Okta On-prem Connector guides
            • On-prem Connector for Oracle EBS
              • Supported attributes for Oracle EBS
            • On-prem Connector for SAP Netweaver ABAP
              • Configure admin roles for SAP Netweaver ABAP
              • Supported attributes for SAP Netweaver ABAP
            • On-premises Connector for Generic Databases
          • Supported entitlements by On-prem Connector
          • Install Okta On-prem Connector
          • Uninstall Okta On-prem Connector
          • SQL statements, stored procedures, and custom code
          • System requirements for On-prem Connectors - Oracle EBS and SAP Netweaver ABAP
          • System requirements for On-premises Connector - Generic Databases
        • Create an instance of your on-premises app in Okta
        • Create and test SCIM connectors
          • Create SCIM connectors for on-premises provisioning
          • Test SCIM connectors for on-premises provisioning
          • SCIM messages for on-premises provisioning
        • Connect to a SCIM connector
        • Configure the API call timeout period
        • Make an on-premises app the profile source
        • Okta Provisioning Agent incremental import
        • Upgrade Okta Provisioning Agent
        • Uninstall and reinstall the Okta Provisioning Agent
      • Manage provisioned users
        • Assign an app integration to a user
        • Provision users
        • Automatically update user attributes
        • Assign an app integration to a group
        • Convert an individual assignment to a group assignment
        • Automatically deactivate app users
        • Deprovision a user
        • Reactivate a user profile
      • Troubleshoot provisioning
      • Provisioning Integration Error Events
    • App integrations FAQ
    • API Service Integrations
      • Add an API Service Integration
      • Rotate a Client Secret for an API Service Integration
      • Revoke an API Service Integration
  • Devices
    • Device Trust
      • Managed Windows computers
      • MDM-managed Android devices
      • MDM-managed iOS devices
      • Integrate Okta with Workspace ONE for Android and iOS devices
        • Enforce Device Trust and SSO for mobile devices
          • Step 1: Configure Workspace ONE Access as an Identity Provider in Okta
          • Step 2: Configure Okta application source in Workspace ONE Access
          • Step 3: Configure Routing Rules, Device Trust, and Client Access Policies in Okta for iOS and Android Devices
        • Configure streamlined Device Enrollment and Workspace ONE login using Okta
          • Configure Okta as an Identity Provider for Workspace ONE Access
        • (Optional) Publish Okta apps to the Workspace ONE catalog
      • Integrate Okta with Workspace ONE for macOS and Windows devices
        • Enforce Device Trust and SSO for desktop devices
          • Step 1: Configure Workspace ONE Access as an Identity Provider in Okta
          • Step 2: Configure Okta application source in Workspace ONE Access
          • Step 3: Configure Device Trust and Access Policies in Workspace ONE for desktop devices
        • Configure streamlined Device Enrollment and Workspace ONE login for desktop devices using Okta
          • Configure Okta as an identity provider for Workspace ONE Access
        • (Optional) Publish Okta apps to the Workspace ONE catalog
      • TPM and Okta Device Trust for Windows devices
    • Okta Mobile
      • About Okta Mobile
      • Configure settings
      • Hide apps from Okta Mobile
      • Okta Mobile Safari Extension
    • Okta Android apps outside Google Play Store
  • Authentication
    • Enable delegated authentication for LDAP
    • Identity providers
      • Add a social login (IdP)
      • Add a SAML 2.0 IdP
        • Add a SAML Identity Provider
        • Add metadata for an Identity Provider
        • Configure Universal Directory mappings
        • Specify an error page for Identity Provider, SAML, or SSO
        • Customization options for inbound SAML
      • Add a Smart Card IdP
        • Format a PKI certificate chain
        • Add a Smart Card identity provider
          • Smart Card idpUser expressions
          • Expressions
        • Test the Smart Card or PIV card configuration
        • Troubleshooting Smart Card and PIV card authentication
      • Identity provider routing rules
        • Configure identity provider routing rules
        • Configure dynamic routing rules
        • Modify routing rules
      • Generic OpenID Connect
      • Add an Okta Integration identity provider
    • Multifactor Authentication
      • About MFA
      • MFA factor configuration
        • Okta Verify
          • Configure Okta Verify
          • Collected data types
          • Supported platforms
        • Custom IdP Factor
        • Custom TOTP factor (MFA)
        • Duo
        • Email
        • Google Authenticator
        • Security Question
        • SMS
        • Symantec VIP
        • Voice Call
        • FIDO2 (WebAuthn)
          • Passkeys (FIDO2 WebAuthn) support and behaviorFIDO2 (WebAuthn) support and behavior
        • YubiKey
      • MFA enrollment policies
        • Configure an MFA enrollment policy
        • App Condition
        • MFA Factor Sequencing
      • MFA for third-party agents
        • Okta On-Prem MFA agent (formerly RSA SecurID)
          • Add and configure On-Prem MFA/RSA SecurID
          • Disable SSL Pinning
          • Install the On-Prem MFA Agent
          • Configure high availability
          • Configure verbose logging
          • Uninstall and reinstall the agent
        • Okta MFA Credential Provider for Windows
          • Configure your Okta org for MFA Credential Provider for Windows
          • Assign users/groups to the Microsoft RDP (MFA) app
          • Install the Okta Credential Provider for Windows
          • Verify MFA for RDP sessions
          • Configure a system proxy account
          • Troubleshoot MFA issues for the MFA Credential Provider for Windows
        • Okta MFA provider for Active Directory Federation Services
          • Install and configure Microsoft ADFS in Okta
          • Install the Okta ADFS Plugin on your ADFS Server
          • Enable the Okta MFA Provider in ADFS
          • Add Access Control Policy to a Relying Party Application
          • Assign the Microsoft ADFS (MFA) application
          • Verify the Okta MFA prompt when signing in to ADFS
          • Enable OpenID Connect with existing Active Directory Federation Services apps
          • Enable MFA for Active Directory Federation Services (ADFS) as a service
          • Troubleshooting
          • Farm addendum
          • Uninstall the Okta ADFS Plugin on your ADFS Server
          • Configure MFA for Active Directory Federation Services (ADFS)
        • MFA for Electronic Prescribing for Controlled Substances - Hyperspace
          • MFA for Electronic Prescribing for Controlled Substances (EPCS) - Flow
          • Install and configure Epic Hyperspace in Okta
          • Install the Okta Hyperspace Agent
          • Configure a device in Chronicles
          • Configure Hyperspace
          • Test the user sign-in process
          • Troubleshoot the Hyperspace integration
        • MFA for Electronic Prescribing for Controlled Substances - Hyperdrive
          • MFA for Electronic Prescribing for Controlled Substances - Flow
          • Install and configure Epic Hyperdrive in Okta
          • Install the Okta Hyperdrive Agent
          • Configure Hyperdrive to integrate with Okta
          • Configure a Chronicles device
          • Test the user sign-in process
          • Troubleshoot the Hyperdrive integration
        • MFA for Oracle Access Manager
          • Configure MFA Factor MFA Authenticator enrollment in Okta
          • Install and configure the Oracle Access Manager plugin
          • Deploy OktaWidget.war
          • Manually activate the Okta OAM plugin
          • Configure Module, Scheme and Policy
          • Enable SSL on OAM servers
      • Reset MFA for end users
    • Sign-on policies
      • App sign-on policies
      • Okta sign-on policies
      • Password policies
      • Configure an app sign-on policy
      • Configure an Okta sign-on policy
      • Configure a password policy
    • RADIUS Integrations
      • Getting Started with RADIUS Integrations
        • About the Okta RADIUS Agent
        • Install and configure the RADIUS Agent
        • About creating Okta applications that use the RADIUS agent
        • Install Okta RADIUS server agent on Windows
          • Install the Okta RADIUS Server Agent for Windows
          • Configure properties
          • Access and manage log files
          • Troubleshoot the Windows RADIUS agent
          • Uninstall the Windows RADIUS agent
        • Install Okta RADIUS server agent on Linux
          • Install the RADIUS Linux server agent
          • Configure proxies
          • Configure properties
          • Manage the agent
          • Troubleshoot the Linux RADIUS agent
          • Access and manage log files
          • Uninstall the agent
        • Determine the RADIUS agent version
      • RADIUS Integrations
        • Amazon WorkSpaces
          • Prepare Amazon WS
          • Install and configure the RADIUS agent in AWS
          • Configure AWS inbound rules
          • Add the Amazon WorkSpaces app
          • Amazon Workspaces with MFA User Experience
          • Configure Amazon Workspaces MFA
          • Provision users
        • BeyondTrust
          • Add the BeyondTrust MFA (RADIUS) app
          • BeyondTrust optional settings
          • Configure the BeyondInsight gateway
          • Testing the BeyondInsight integration
          • Troubleshoot the BeyondInsight integration
        • Check Point
          • Check Point RADIUS integration flow
          • Add the Check Point Software (RADIUS) app
          • Configure the Check Point SmartConsole
          • Configure Check Point optional settings
          • Test the Check Point RADIUS integration
          • Troubleshoot the Check Point integration
        • Cisco Meraki
          • Cisco Meraki RADIUS integration flow
          • Add the Cisco Meraki Wireless LAN (RADIUS) app
          • Cisco Meraki optional settings
          • Configure Cisco Meraki to use the Okta RADIUS Agent
          • Configure wireless clients for Cisco Meraki
          • Troubleshoot Cisco Meraki integrations
        • Cisco ASA IKEv2 VPN
          • Add the Cisco ASA IKEv2 RADIUS app
          • Configure the Cisco ASA VPN to interoperate with RADIUS
          • Configure optional settings
          • Configure the Windows VPN
          • Configure trusted root CA
          • Test the Cisco ASA integration
        • Cisco ASA VPN
          • Add the Cisco ASA VPN (RADIUS) app
          • Configure the Cisco ASA gateway
          • Configure optional settings
          • Test the Cisco RADIUS ASA VPN integration
        • Cisco FMC
          • Add the Cisco VPN for Firewall Management Center RADIUS app
          • Configure Cisco Firewall Management Center
          • Test the Cisco Firepower Management Center integration
        • Citrix Netscaler
          • Citrix Gateway supported versions, clients, features, and factors
          • Add the Citrix Gateway (RADIUS) app
          • Configure the Citrix Gateway
          • Configure optional settings
          • Citrix Gateway end user experience
        • F5 BigIP APM
          • Add the F5 BIG IP RADIUS app
          • Configure F5 BIG IP APM gateway
          • Configure F5 BIG IP optional settings
          • Test the F5 BIG IP integration
        • Fortinet Appliance
          • Add the Fortinet Fortigate (RADIUS) app
          • Configure the Fortinet gateway
          • Configure optional settings
          • Test the Fortinet appliance integration
          • Troubleshoot the Fortinet Application integration
        • NetMotion Mobility
          • Add the NetMotion Mobility (RADIUS) app
          • Netmotion Mobility - Add trusted root certificate
          • Configure NetMotion Mobility to work with RADIUS
          • NetMotion Mobility user experience
        • Palo Alto Networks VPN
          • Palo Alto Networks supported features and factors
          • Add the Palo Alto Networks VPN (RADIUS) app
          • Configure Palo Alto Networks VPN to use the Okta RADIUS
          • Configure optional settings
          • Test the Palo Alto Networks VPN integration
          • Troubleshoot the Palo Alto Network VPN integration
        • Pulse Connect Secure
          • Pulse Connect Secure supported versions, and factors
          • Add the Pulse Connect Secure (RADIUS) app
          • Configure the Pulse Connect Secure gateway
          • Pulse Secure optional settings
          • Test the Pulse Connect Secure integration
        • Sophos UTM
          • Add the Sophos UTM (RADIUS) app
          • Configure the Sophos USM gateway
          • Sophos UTM optional settings
          • Test the Sophos UTM integration
        • VMWare Horizon View
          • Add the VMware Horizon View (RADIUS) app
          • Configure the VMware Horizon View Connection Server
          • VMware Horizon View optional settings
          • Test the VMware Horizon integration
        • Autopush for RADIUS
      • RADIUS applications in Okta
        • Add the RADIUS app
        • Configure the RADIUS customer application
        • Test the generic RADIUS integration
        • Client IP reporting
        • Okta group membership information for authorization
        • RADIUS service address filtering
      • RADIUS server best practices
        • About certificates
        • About the Okta RADIUS server agent
        • Okta RADIUS Server Agent flow
        • RADIUS deployment architectures
        • RADIUS session persistence best practices
        • RADIUS throughput and scaling benchmarks
        • RADIUS common issues and concerns
        • RADIUS server logging
        • RADIUS network zones
      • SAML integration advantages
  • Org-level security
    • Administrator roles
      • Learn about administrators
        • Custom admin roles
        • Super administrators
        • Organization administrators
        • Application administrators
        • Group administrators
        • Group membership administrators
        • Help desk administrators
        • Report administrators
        • Mobile administrators
        • Read-only administrators
        • API Access Management administrators
        • Access requests administrators
        • Access certifications administrators
        • Workflows Administrator
      • Set up administrators
        • Use custom admin roles
          • Role permissions
            • Permission conditions
          • Work with the resource set component
            • Create a resource set
            • Edit a resource set
            • Resource set conditions
            • Create an admin assignment using a resource set
          • Work with the role component
            • Create a role
            • Edit a role
            • Create an admin assignment using a role
        • Use standard roles
          • Standard administrator roles and permissions
          • Edit resources for a standard role assignment
        • Work with the admin component
          • Create an admin role assignment using an admin
        • Configure help desk administrators
        • Configure third-party administrators
        • Remove an admin role assignment
        • Configure email notifications for an admin role
        • Configure administrator settings
        • Enable MFA for the Admin Console
      • Administrator resources
        • Administrators page
        • Best practices for group admin role assignments
        • Best practices for creating a custom role assignment
        • Guidance for structuring Okta groups
        • Get started with Okta
      • Govern Okta admin roles
        • Get started
        • Configure policies for Govern Okta admin roles apps
        • Access Requests for admin roles
          • Create an admin role bundle
          • Manage admin role bundles
          • Create an access request condition
          • Manage access request conditions
          • Manage an approval sequence
          • Request admin role assignment
          • Manage admin role access requests
        • Access Certifications for admin roles
          • Create campaigns to review admin roles
          • Manage campaigns
          • Review access to admin roles
    • Breached credentials protection
      • Configure breached credentials protection
      • Test your breached credentials protection configuration
      • User experience with breached credentials protection
    • Configure Admin Console session
    • General Security
    • Protected actions in the Admin Console
    • HealthInsight
      • About HealthInsight
      • HealthInsight tasks and recommendations
        • Limit the number of super admins
        • Disable weaker MFA factors in factor enrollment policies
        • Enforce a limited session lifetime for all policies
        • Suspicious Activity Reporting
        • Sign-on notifications for end users
        • Factor enrollment notifications for end users
        • Factor reset notifications for end users
        • Password changed notification for end users
        • Enable SAML or OIDC authentication for supported apps
        • Change the authentication frequency
        • Evaluate a risk score for each request
        • Blocklist network zones
        • Enable strong password settings for password policies
        • MFA for the Admin Console
        • Set required factors for MFA enrollment policies
        • Blocklist proxies with high sign-in failure rates
    • Network zones
      • Network zone types
        • IP zones
          • IP exempt zone
        • Dynamic zones
        • Enhanced dynamic zones
          • Supported IP service categories
      • Manage network zones
        • Create an IP zone
        • Create a dynamic zone
        • Create an enhanced dynamic zone
        • Edit or delete a network zone
        • Add IPs to a network zone from the System Log
      • Use network zones in your org
        • Generate a Proxy IP report
        • Add a network zone to policies
        • Create a network zone for IWA
        • Troubleshoot network zone issues using System Log
        • Use network zones with VPN notifications
        • Use zones in routing rules
        • Unblock false positives in System Log
      • Network zones FAQ
    • Recent Activity
    • Risk scoring
    • Behavior Detection and evaluation
      • About Behavior Detection
        • Improved New Device Behavior Detection
      • About behavior types
      • Behavior Detection System Log events
      • Configure Behavior Detection
        • Add a location behavior
        • Add IP behavior
        • Add device behavior
        • Add a velocity behavior
        • Add an ASN behavior
        • Manage behavior settings
        • Reset the user behavior profile
        • Add a behavior to a sign-on policy rule
      • Risk Scoring and Behavior Detection
      • Behavior Detection and risk evaluation FAQ
    • ThreatInsight
      • About Okta ThreatInsight
      • Configure Okta ThreatInsight
      • Exclude IP zones from Okta ThreatInsight evaluation
      • System Log events for Okta ThreatInsight
      • HealthInsight reporting on Okta ThreatInsight
    • Telephony
      • Choose telephony provider
      • Regulatory compliance
      • Prevent or mitigate telephony-based fraud
      • Configure and use telephony
      • Configure a telephony provider through an inline hook
      • Configure Workflows for Telephony
    • API access management
      • Build authorization servers
        • Create an authorization server
        • Create API access scopes
        • Create API access claims
        • Create access policies
        • Test your authorization server configuration
        • Add trusted servers
        • Rotate signing keys
        • Encrypt access tokens for authorization servers
        • Delete an authorization server
      • Manage Okta API tokens
      • Configure Trusted Origins
        • Trusted Origins for iFrame embedding
    • Allow access to Okta IP addresses
    • Mitigate the impact of third-party cookie deprecation
  • Identity Governance
    • Overview
    • Access Certifications Access Certifications
      • Campaigns
        • Get started
        • Customizable reviewer context
        • Governance analyzer
        • Configure Governance Analyzer settings
        • Best practices for creating campaigns
        • Create preconfigured campaigns
          • Discover inactive users campaign limits
        • Create resource campaigns
        • Create user campaigns
        • Recurring campaign considerations
        • Examples of Okta Expression Language
        • Understand Disable self-review
        • Understand remediation
        • Assignment methods
        • View the progress of an active campaign
        • View previously completed campaigns
        • Copy campaigns
        • Modify a scheduled campaign
        • Modify campaign's end date
        • Certification campaign reviews
          • Review campaigns
          • Reassign review items
      • Security access reviews
        • Get started
        • Launch a security access review
        • Understand remediation
        • Understand prioritization
        • Manage Security Access Reviews
        • Review access
    • Access Requests
      • Get started
      • Conditions
        • Configure policies for Access requests apps
        • Configure settings
        • Create a condition
        • Create an access request condition for a resource collection
        • Manage access request conditions
        • Configure an approval sequence
      • Request types
        • Configure your Okta org for request types
          • Create a team
          • Modify a list
        • Create a request type
        • Configure a request type associated with bundles
        • Request type settings
        • Create a sample Request Type
      • Create requests
        • End-User Dashboard
        • Access Requests web app
        • Slack
        • Microsoft Teams
      • Manage tasks
      • Escalate tasks
      • Manage requests
      • Export data
      • Notifications
    • Entitlement Management Entitlement Management
      • Get started
      • Considerations and limits
      • Provisioning-enabled apps
        • Apps with entitlement support
        • Configure a provisioning-enabled app
        • Provisioning-enabled app limits
        • Coupa requirements
        • GitHub Team requirements
        • Google Workspace requirements
        • NetSuite requirements
        • Salesforce requirements
        • Workday requirements
      • Enable Entitlement management
      • Create campaigns to audit entitlements
      • Entitlements
        • Create
        • Manage
        • Sync entitlements from provisioning-enabled apps
        • Revoke entitlements in downstream apps
      • Entitlement policy
        • Create policy
        • Examples of Okta Expression Language
        • Preview policy
        • Apply policy
        • Manage policy
      • Entitlement bundles
        • Create
        • Manage
    • Resource collections
      • Get started with resource collections
      • Create a resource collection
      • Manage resource collections
      • Manage resource collection assignments
      • Manage resource collection apps
    • Separation of duties
      • Get started with separation of duties
      • Create separation of duties rules
      • Manage separation of duties rules
      • Understand separation of duties conflicts
    • User and resource management
      • Resource owners
        • Assign resource owners
        • Change resource owners
        • Remove resource owners
      • Resource labels
      • Group ownership
        • Configure Okta group owners
        • Import from Active Directory
      • Update group profile attributes
        • Add custom attributes to the default group profile
      • Assign entitlements to users
      • Import user entitlements from CSV
      • Manage user entitlements
      • View user entitlements
      • Governance delegates
        • Assign delegate from the Admin Console
        • Manage delegates
        • Governance tasks for delegates
    • Settings
      • Enable end users to assign delegates
      • Integrations
        • Considerations and best practices for integrating Slack and Microsoft Teams
        • Integrate Slack
        • Configure settings for Slack
        • Integrate Microsoft Teams
        • Integrate Jira
        • Integrate ServiceNow
      • Enable AI
      • Allow requesters to escalate tasks
    • Reports
      • Active Campaign Summary
        • Column reference
      • Active Campaign Details
        • Column reference
      • Past Campaign Details
        • Column reference
      • Past Campaign Summary
        • Column reference
      • Auditor reporting package
        • Generate the auditor reporting package
      • Past Access Requests report
      • Past Access Requests (Conditions) report
      • Separation of duties report
      • User Entitlements report
  • Okta Privileged Access Okta Privileged Access
    • Requirements and limitations
    • Get started with Okta Privileged Access Okta Privileged Access
      • Set up Okta Privileged Access
      • Configure group sync
    • Users and Groups administration
      • Groups
      • Service users
    • Resource administration
      • Resource groups
      • Resource assignment
      • Manage service accounts
        • Certify service accounts
      • Manage Active Directory accounts
        • Requirements and limitations
        • Get started with Active Directory accounts
        • Grant Okta Active Directory (AD) agent password management permissions
        • Set up Active Directory domains
        • Active Directory account rules
          • Set up Active Directory account rules
        • Manual account assignment
        • Windows domain controller
      • Projects
        • Servers
        • Secrets
          • Secret folders
        • Okta service accounts
        • SaaS app service accounts
        • Active Directory accounts
      • Sudo command bundle
        • Create a sudo command bundle
      • System Configuration
    • Security administration
      • Security policy
        • Add rules to a policy
        • Rule conditions
      • Okta Privileged Access with Access Requests
      • Multifactor authentication
      • Privileged elevation
      • Checkout
        • Enable checkout
        • Force a checkin
    • Workloads
      • Requirements and limitations
      • Get started
      • Configure workload connection
      • CLI command for workload authentication
      • Configure workload roles
      • Principal SSH access for automated workloads
    • User guide
    • Deploy and manage servers
      • Install the Okta Privileged Access server agent
        • Install the Okta Privileged Access server agent on Red Hat (RHEL), Amazon Linux, or Alma Linux
        • Install the Okta Privileged Access server agent on SUSE Linux
        • Install the Okta Privileged Access server agent on Ubuntu or Debian
        • Install the Okta Privileged Access server agent on Windows
      • Server Enrollment
        • Create a server enrollment token
        • Verify server enrollment
        • Unenroll a server from Okta Privileged Access
      • Managed Okta Privileged Access server agent
        • Customize SSHD configurations for servers
        • Configure agent lifecycle management hooks for Okta Privileged Access
      • Configure the Okta Privileged Access server agent
    • Okta Privileged Access clients
      • Install the Okta Privileged Access client
        • Install the Okta Privileged Access client on macOS
        • Install the Okta Privileged Access client on Red Hat (RHEL), Amazon Linux, or Alma Linux
        • Install the Okta Privileged Access client on SUSE Linux
        • Install the Okta Privileged Access client on Ubuntu or Debian
        • Install the Okta Privileged Access client on Windows
      • Enroll the Okta Privileged Access client
        • Silently enroll the Okta Privileged Access client
      • Use the Okta Privileged Access client
      • SFT keyring
      • URL handler
      • SSH setup
        • Customize SSH configurations for clients
      • RDP setup
      • Configure clients for use with Okta Privileged Access
        • Configure Cygwin for Okta Privileged Access
        • Use PuTTY for Okta Privileged Access
        • Configure Royal TSX for Okta Privileged Access
        • Use WinSCP for Okta Privileged Access
    • Gateways
      • Install the Okta Privileged Access gateway
        • Install the Okta Privileged Access gateway on Red Hat (RHEL), or Amazon Linux
        • Install the Okta Privileged Access gateway on Ubuntu or Debian
      • Create tokens and labels
      • Configure the Okta Privileged Access gateway
      • Manage the Okta Privileged Access gateway
      • Session recording
        • Enable session recording on a project
        • Install the RDP Session transcoder
        • Manage session logs
      • Okta Privileged Access gateway capacity planning
      • Okta Privileged Access gateway high availability
    • Audit Events Integration with Okta System Log
    • Kubernetes access management
      • Configure Kubernetes access management
      • Kubernetes cluster connections
    • Reference
      • Roles and permissions
      • Okta Privileged Access accounts
      • Components
      • User attributes
        • Configure team-level user attributes
        • Import user attributes using custom mappings
        • Attribute conflicts
      • Okta Privileged Access port requirements
      • Security policy concepts
      • Server name resolution
      • Secret permissions
      • User management
        • User management in Linux
        • User management in Windows
      • Windows Internals
      • Supported SaaS apps
      • Supported operating systems
      • Get support
  • Automations and hooks
    • Automations
      • Add an automation
    • Inline hooks
      • Add an inline hook
      • Preview an inline hook
      • View usage metrics for your inline hooks
      • Delete an inline hook
      • Manage keys
    • Event hooks
      • Create an event hook
      • Edit an event hook filter
        • Okta Expression Language
      • Verify an event hook
      • Preview an event hook
    • Delegated flows
      • Run a delegated flow
  • User experience
    • Account settings
      • Set up contacts
      • Give access to Okta Support
      • Enable the Directories Debugger
      • Configure client-based rate limiting
      • Set up rate limit notifications
      • Configure your email notifications
    • Branding
      • Set a theme for your org
      • Customize your sign-in page
        • Understand Sign-In Widget color customization
      • Customize an error page
      • Apply your theme to Okta email notifications
      • Customize the footer for your org
      • Configure a custom domain
      • Disable the Okta loading page
      • Org display language
    • Customization settings
      • Customize personal information and password management
      • Configure optional user account fields
      • Customize a sign-out page
      • Configure a custom application error page
      • Customize the Content Security Policy (CSP) for a custom domain
      • Configure the Okta Browser Plugin settings
      • Manage dashboard tabs for end users
      • Configure reauthorization frequency for the Okta Admin Console
      • App settings for end users
    • Downloads
      • Email and SMS
        • Customize an email template
        • Test a customized email template
        • Customize an SMS message
        • Configure a custom email address
        • Velocity Template Language
      • Features
    • Okta Personal for Workforce
      • Configure interface updates
      • Configure app migration to Okta Personal
      • Okta Personal for Workforce user experience
    • Okta End-User Dashboard
      • End-user experience
      • Create sign-on policies with Okta Applications
      • Control access to the Okta End-User Dashboard
      • Recently used apps
      • Disable Okta communications to end users
    • Okta Browser Plugin
      • Security features
      • Allow users to add apps
      • Control access to the Okta Browser Plugin
      • Configure custom end-user portals
      • Prevent browsers from saving credentials
      • Okta Browser Plugin permissions for web extensions
      • Manage installation and upgrade
      • Make apps detectable to the Okta Browser Plugin
      • Silent installations
        • Chrome
        • Firefox
        • Internet Explorer
      • Supported browsers
      • End of support for TLS 1.1
    • Okta first-party App Switcher
  • References and specifications
    • Supported operating systems and browsers
    • Object IDs
    • Supported Okta email address characters
    • Supported display languages
    • Okta agent support policies
    • Okta disaster recovery
      • Initiate failover and failback for your org
    • Downloads and version histories
      • Okta Active Directory agent version history
      • Okta Active Directory Password Sync agent version history
      • Okta ADFS Plugin version history
      • Okta Browser Plugin version history
      • Okta Confluence Authenticator version history
      • Okta Device Trust for macOS Registration Task Version History
      • Okta Device Trust for Windows Desktop Registration Task Version History
      • Okta Hyperdrive agent version history
      • Okta Hyperspace agent version history
      • Okta Jira Authenticator version history
      • Okta LDAP agent version history
      • Okta MFA Credential Provider for Windows version history
      • Okta On-prem Connector version history
      • Okta On-Prem MFA agent version history
      • Okta Oracle Access Manager Plugin Version History
      • Okta People Picker for Sharepoint agent version history
      • Okta Provisioning agent and SDK version history
      • Okta RADIUS Server agent version history
      • Okta SSO IWA Web App version history
      • Okta Secure Access Monitor plugin version history
      • Validate agent downloads
    • Documentation for end users
    • Upgrade to Identity Engine
    • Migrate policies and apps from Microsoft Entra ID to Okta
      • Migration tasks
      • Prepare for the migration
      • Migrate policies
      • Migrate apps
      • Configure bookmark apps
      • Complete your Okta setup
    • Glossary
  1. Org-level security
  2. Administrator roles
  3. Administrator resources

Administrator resources

Use these resources as you make admin assignments, scope admins to specific resources, and set up your admins' notification preferences.

Topics

  • Best practices for creating a custom role assignment
  • Best practices for group admin role assignments
  • Guidance for structuring Okta groups
  • Get started with Okta

© Okta, Inc. All Rights Reserved. Various trademarks held by their respective owners.

Top