Manage realms
Early Access release
Realms enable efficient management of user populations within a single organization. With realms, you can partition users in the Universal Directory while allowing them to share resources. Each realm consists of users stored and managed separately within an Okta org. Realms let you delegate the administration of users and groups to external collaborators or business units.
You can use Workflows and APIs to automate recurring tasks, such as creating a realm, adding or moving users, and other repetitive actions. You can also use the Okta Expression Language to scope Access Certifications campaigns and Entitlement Management policies to users in single or multiple realms.
Okta Identity Governance is required for realms. See the Identity Governance section for more information.
Roles and permissions
Role | Description |
---|---|
Super admin | Can create or delete a realm. |
Org admin | Can create or delete a realm. |
Delegated realm admin | Realms don't have an admin by default. A custom admin role must be created to assign permissions to manage realms and users within those realms. Custom admins can manage users, assign apps to users through groups, and review which groups and apps are assigned to the realm. Custom admins with All Realms assigned to them as a part of the resource set can also create or delete realms. |
User | Realm users can access applications assigned to them by the realm admin. Users can only exist in one realm at a time. |
Related topics
Realms with Okta Identity Governance