Admin role assignments report
The Admin role assignments report shows the admin roles, apps, and resource sets that are assigned to the admins in your org. You can run the report for all admins, individual admins, or groups.
Prerequisites
- Ensure that you're signed in as a super admin.
- If you have the Manage third-party admins checkbox enabled in your org on the page, the report includes a Third-party admin column.
Parameters
You can filter the Admin role assignments report with any of the following parameters:
- Admins
- Roles
- Resource sets
Procedure
There are two ways that you can access the Admin role assignments report:
From the Reports page
- In the Admin Console, go to .
- Click Admin role assignment report.
From the Administrators page
-
In the Admin Console, go to .
- Go to the Overview tab.
- Click Create report. The Admin role assignment report page opens.
Get the report
-
Select your options for Admin, Role, and/or Resource set components on the Admin role assignment report page.
Component
Options Description
Admin
All admins The report includes all users that have admin roles assigned, both individually and through group membership. Specific admins (users or groups) Enter the name of the users and groups that you want to include in the report. Individually assigned admins The report includes users who get their admin role assignments through individual assignments. Group assigned roles The report includes users who get their admin role assignments through group membership. Role
All roles The report includes all roles. Permissions within the roles are also included for custom admin roles. Specific roles Enter the names of the roles that you want to include in the report. Individual permissions Enter the individual permissions that you want to include in the report. Resource set
All resources The report includes all resources and resource sets. Specific resource sets Enter the names of the resource sets that you want to include in the report. Individual resources Select the resource type and enter the names of resources that you want to include in the report. 
You can also click Request report without selecting any options. This gives you an overall report for your org.
-
Click Request report.
The reports are delivered by email to the email address associated with your account.
Report output
The Admin role assignments report output includes the following fields:
|
Field
|
Description
|
|---|---|
| Resource set |
Displays the resource set name. This field is blank for standard roles that have access to all of the org's resources. |
| Contained resource |
Displays the resources that are included in the assigned resource set. |
| Role |
Displays the role name. |
| Contained permission | Indicates if the admin role is standard or custom. For custom roles, this field displays all of the included permissions. |
| Permissions constrained with conditions | Indicates if the admin role has Permission conditions. |
| Admin | Displays the admin's first and last name. |
| Login | Displays the email address (username) that the admin uses to sign in to Okta. |
| Displays the admin's primary email address. | |
| Last login | Displays the date and time of the admin's most recent sign-in attempt. The field is blank if the admin has never signed in to Admin Console. |
| Is third party admin | Indicates if the admin has the third-party admin status. |
| Role assigned to | Indicates if the role was assigned to the admin individually or through a group. For group assignments, the group name appears. |
| Expires in | If the role is granted through an access request, this field displays the expiration date. See Govern Okta admin roles. Early Access release. See Enable self-service features. |
| Bundle name | If the role was granted through an access request, this field displays the admin role bundle name. See Govern Okta admin roles. Early Access release. See Enable self-service features. |
Admin role names
Some admin role names appear differently in the report output and in Okta.
|
Role name in Okta
|
Role name in the report
|
|---|---|
| Super administrator | SuperOrgAdmin |
| Organization administrator | OrgAdmin |
| Application administrator | AppAdmin |
| Group administrator | GroupAdmin |
| Group membership administrator | GroupMember |
| Help desk administrator | HelpDeskAdmin |
| Report administrator | ReportAdmin |
| Read-only administrator | ReadOnlyAdmin |
| API Access Management administrator | ApiAccessManagementAdmin |
| Mobile administrator | MobileAdmin |