Create an admin role bundle

Early Access release. See Enable self-service features.

You can pair an admin role with a resource set to create an admin role bundle. Using admin role bundles, orgs can easily grant and revoke admin privileges from the users in their org.

If a user is already granted an admin role through a group or individual assignment, Okta recommends that you revoke the assignment before you grant the admin role bundle to the user. This ensures that Access Certifications doesn’t include duplicate admin assignments. This makes Access Certifications campaigns more efficient for reviewers by reducing duplicate review items.

Before you begin

Start this task

  1. In the Admin Console, go to SecurityAdministratorsGovernance.
  2. A Security and Sub-Processor Update disclaimer appears the first time that you view the Governance tab. Click I acknowledge to proceed.

    Govern Okta admin roles may use security controls and sub-processors that are different from those used in other Workforce Identity Cloud subscriptions. For more information, see Okta Trust and Compliance Documentation.

  3. On the Admin role bundles tab, click Create bundle. The Admin role bundle details page opens.
  4. Enter a unique Name and Description for the role bundle. This is the text that users see when they request access to it.
  5. Select an Admin role.
    1. If you select a custom role, the Resource set field appears. Select the resource set that you want to pair with the role.
    2. If you select the help desk, group, or group membership admin role, the Select groups field appears. If you select the application admin role, the Select apps field appears. Select the groups or apps that you want to pair with the role.
    3. Optional. Select All groups or All applications to bundle all applicable resources with the admin role.
    4. Some admin roles are scoped to all of your org’s resources, so you don’t need to select a resource.

  6. Click Create.

Next steps

Create an access request condition

Manage admin role access requests

Review access to admin roles