Requirements and limitations

Early Access release

The following are current requirements and scale limits for various items in realms.

Object segmentation

  • Users must belong to a realm, but groups and apps exist independently of realms.

  • Groups, apps, servers, and devices can't be scoped to a particular realm. These are available at the org level.

  • Group rules can't be defined with the scope of users in a realm.

  • Identity providers can't belong to a realm. They are at the org level.

Scale limits

Configuration per org Maximum
Realms 500
Realm assignments 500
Profile source 10 realm assignments per profile source

Permissions

Creation and management of realm assignments can only be delegated to custom admins who have access to all realms.

Policies

  • Only authentication policy rules can be scoped to users in a realm through the Okta Expression Language.

  • Global Session Policies can't be scoped to users in a realm.

Governance

  • Access Certifications campaigns and Entitlement Management policies can be scoped to realms only through the Okta Expression Language.

  • Access Requests aren't supported in realms.

Related topics

Get started with realms