Limit the number of super admins
Admin roles allow you to control user access to a range of Okta functions. You can assign more than one role to an individual admin if their job requires them to perform actions that span multiple roles. This role can create other admins, assign or remove permissions, and perform all other admin activities. The super admin has the highest permissions of all admin roles.
For more information, see Super administrators.
HealthInsight task recommendation
Ensure that org admins aren't assigned more permissions than necessary.
Okta recommends |
Limit the number of super admins only to users who require super admin access. All other admins should only have the permissions as required for their role. Plan for a recurring assessment of all admin privileges to ensure that these best practices are met. |
Security impact |
Critical |
End-user impact |
None |
Change admin privileges to a user or an Okta group
- In the Admin Console, go to .
- Under Admin Roles, select the Super filter to display only super admins.
- Next to each user entry, click Edit. The Edit Administrator window appears.
- From the list of admin roles, assign a role other than super admin to the user.
- Click Update Administrator.