Requirements and limitations

Review the following before you use Okta Privileged Access:

  • Users must install version 1.7.x or higher of Okta Privileged Access client, server agent, and gateway. Okta Privileged Access doesn't provide the option for users to request group membership or for approvers to manage Okta group membership by approving requests. However, Okta Identity Governance customers can manage group membership for groups assigned PAM admin, security admin, or resource admin roles using Okta Privileged Access with Access Requests.

  • Use of Okta Credential Provider for Windows with Okta Privileged Access isn't supported.

  • The following are the current maximum limits for various items in Okta Privileged Access:

    Security policy

    Configuration items Maximum
    Security policies per team 250
    Rules per policy 30
    Labels selectors per rule 10
    Principals per policy. Maximum for user and group entries. 40

    Resource administration

    Configuration items Maximum
    Resource groups per team 100
    Projects per team 10,000


    Configuration items Maximum
    Top-level folders team-wide 250
    Secret size 64KB
    Nested folders 50 levels deep
    Key name 255 characters
    Secret and folder names 255 characters

    Secrets may not be used to store any unlawful or infringing material, controlled or classified information, or any other data that is not permitted to be entered into the Service by Okta’s Master Subscription Agreement.

    Entitlement analysis and discovery

    Configuration items Maximum
    Cloud connections per team 3
    Entitlement analysis jobs per team 3
    IaaS account per entitlements analysis job 10
    Max number of AWS IAM Identity Center users 500

Related topics

Set up Okta Privileged Access

Security administration

Resource administration

Cloud infrastructure entitlements