Administrators

Administrators (or Admins) are Okta users with permission to access the Okta administration application. You can grant Admins access to all sections of the application, or limit their access to only certain apps.

To add an administrator, do the following:

  1. Click the Add Administrator button.
  2. Enter the name of the administrator granted permissions.
  3. Define the administrator permissions by choosing an administrator role. For a full description of each of the admin roles and their permissions, see the table below or click the View permissions info button.
  4. Once the fields are complete, click the Save button.

The table below details the permissions granted to each role. Please note the following:

EA — Early Access features require enablement from Okta Support.

* Permissions apply only to groups that the Group Admin is allowed to manage.

** Can create new users in groups that Group Admin manages.

^ Permissions apply only to applications the App Admin is allowed to manage. You cannot specify individually created Template apps. Instead, you must choose the entire Template class; for example, Template SAML 2.0. Also, App Admins cannot edit VPN Notifications settings for VPN-required apps.

+ To complete the end-to-end scenario for setting up social authentication you must

• Be a Super Administrator

• Have both the App Administrator and Org Administrator roles

You can restrict the App Administrator role to OpenID Connect client apps.

| Permission | Super Admin | Org. Admin | Group Admin | App. Admin | Read-Only Admin | Mobile Admin | |
|---|---|---|---|---|---|---|---|
| **Org-wide Settings** | | | | | | | |
| View and run reports | Yes | Yes | No | No | Yes | Yes | No |
| View Okta settings (themes, logo, & contact info) | Yes | Yes | No | No | Yes | Yes | No |
| Manage Profile Editor | Yes | Yes | No | Yes | No | No | No |
| Manage profile mappings | Yes | Yes | Yes | Yes | No | No | No |
| Edit Okta settings | Yes | Yes | No | No | No | No | No |
| Add, remove, and view administrators | Yes | No | No | No | No | No | No |
| Add, delete, and edit scope, claim, and policy on an authorization server | Yes | No | No | No | No | No | No |
| View authorization server scope, claim, and policy | Yes | Yes | No | No | Yes | No | No |
| View System Log | Yes | Yes | No | Yes | Yes | Yes | No |
| **User Management** | | | | | | | |
| View users | Yes | Yes | Yes* | Yes | Yes | Yes | Yes |
| Activate & deactivate users | Yes | Yes | Yes* | No | No | No | No |
| Edit profiles | Yes | Yes | Yes* | No | No | Yes | No |
| Password resets, MFA resets | Yes | Yes | Yes* | No | No | No | Yes |
| Create users | Yes | Yes | Yes* | No | No | No | No |
| Clear user session | Yes | Yes | Yes | No | No | No | Yes |
| Choose not to receive email notifications about locked user accounts | Yes | Yes | Yes* | Yes | Yes | Yes | No |
| **Groups** | | | | | | | |
| View groups | Yes | Yes | Yes* | Yes | Yes | Yes | No |
| Add users to groups | Yes | Yes | Yes** | No | No | No | No |
| Remove users from groups | Yes | Yes | Yes | No | No | No | No |
| Create groups | Yes | Yes | No | No | No | No | No |
| **Applications** | | | | | | | |
| View applications | Yes | No | No | Yes^ | Yes | Yes | No |
| Add and configure applications | Yes | No | No | Yes^ | No | No | No |
| Assign user access to applications | Yes | No | No | Yes^ | No | No | No |
| Create users in pending status via app import | Yes | No | No | Yes^ | No | No | No |
| **Mobile Policies** | | | | | | | |
| View and manage devices | Yes | Yes | No | No | No | Yes | No |
| Configure Okta mobile manager | Yes | Yes | No | No | No | Yes | No |
| View policies (Mobile) | Yes | Yes | No | No | Yes | Yes | No |
| Setting APNS | Yes | Yes | No | No | No | Yes | No |
| Add/update/delete policies | Yes | Yes | No | No | No | Yes | No |
| Add/Update/Delete Rules | Yes | Yes | No | No | No | Yes | No |
| Drag and Drop Policies for prioritization | Yes | Yes | No | No | No | Yes | No |
| **OMM - Wifi (EA)** | | | | | | | |
| View wifi policies | Yes | Yes | No | No | Yes | Yes | No |
| Add/update/delete policies | Yes | Yes | No | No | No | Yes | No |
| Add/update/delete rules | Yes | Yes | No | No | No | Yes | No |
| Drag and drop policies for prioritization | Yes | Yes | No | No | No | Yes | No |
| **Mobile Devices** | | | | | | | |
| View Mobile tab on users section | Yes | Yes | No | No | Yes | Yes | No |
| View device details | Yes | Yes | No | No | Yes | Yes | No |
| Deprovision/clear PC/remote lock/reset | Yes | Yes | No | No | No | Yes | No |
| Deprovision/reset from Mobile tab | Yes | Yes | No | No | No | Yes | No |
| **OMM - Applications** | | | | | | | |
| View Mobile tab on apps | Yes | No | No | Yes | Yes | Yes | No |
| Edit and save EAS settings | Yes | No | No | No | No | Yes | No |
| Edit native Mobile Access check boxes | Yes | No | No | No | No | Yes | No |
| **Okta Sign-On** | | | | | | | |
| View Okta Sign-On policies | Yes | Yes | No | No | Yes | Yes | No |
| Add/update/delete policies | Yes | Yes | No | No | No | Yes | No |
| Add/update/delete rules | Yes | Yes | No | No | No | Yes | No |
| Drag and drop policies for prioritization | Yes | Yes | No | No | No | Yes | No |
| Edit MFA factors | Yes | Yes | No | No | No | Yes | No |
| **OpenID Connect End-to-End Scenario+** | | | | | | | |
| Create and modify an OIDC App, including registering an OAuth client. Can be restricted to OIDC client apps. | Yes | No | No | Yes | No | No | No |
| Add a social IDP | Yes | Yes | No | No | No | No | No |
| Read-only access to OAuth clients through the API | Yes | Yes | No | No | No | No | No |
| **MFA** | | | | | | | |
| Enable MFA for the Admin dashboard | Yes | No | No | No | No | No | No |
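
The table can also be used to choose the narrowest role for a given set of tasks. The following is an added example, not part of Okta's documentation: `MATRIX` is a constructed excerpt of the rows above, and `grants` and `least_privileged` are hypothetical helper names. It assumes the column order Super, Org., Group, App., Read-Only, Mobile (the Group Admin column is inferred from the `*` footnote) and leaves out the table's final column.

```python
# Constructed excerpt of the permission table above. Assumed column order:
# Super, Org., Group, App., Read-Only, Mobile; the final column is omitted.
ROLES = ["Super Admin", "Org. Admin", "Group Admin", "App. Admin",
         "Read-Only Admin", "Mobile Admin"]
MATRIX = {
    "View System Log":                      "Yes Yes No Yes Yes Yes",
    "Add, remove, and view administrators": "Yes No No No No No",
    "View users":                           "Yes Yes Yes* Yes Yes Yes",
    "Password resets, MFA resets":          "Yes Yes Yes* No No No",
    "Create users":                         "Yes Yes Yes* No No No",
    "Create groups":                        "Yes Yes No No No No",
    "Add and configure applications":       "Yes No No Yes^ No No",
    "Assign user access to applications":   "Yes No No Yes^ No No",
    "View and manage devices":              "Yes Yes No No No Yes",
    "Edit MFA factors":                     "Yes Yes No No No Yes",
    "Enable MFA for the Admin dashboard":   "Yes No No No No No",
}


def grants(role):
    """Map each permission to this role's cell: 'Yes', 'Yes*', 'Yes^' or 'No'."""
    i = ROLES.index(role)
    return {perm: row.split()[i] for perm, row in MATRIX.items()}


def least_privileged(needed):
    """Return (role, scoped, excess) for the narrowest role covering `needed`.

    scoped: needed permissions granted only within managed groups/apps (* or ^).
    excess: permissions the role grants beyond what was asked for.
    Returns None if no role covers every needed permission.
    """
    candidates = []
    for role in ROLES:
        cells = grants(role)
        if all(cells[p] != "No" for p in needed):
            excess = sorted(p for p, c in cells.items()
                            if c != "No" and p not in needed)
            scoped = sorted(p for p in needed if cells[p] != "Yes")
            candidates.append((len(excess), role, scoped, excess))
    if not candidates:
        return None
    # Fewest surplus permissions wins; ties fall back to role name order.
    _, role, scoped, excess = min(candidates)
    return role, scoped, excess
```

A non-empty `scoped` list means the grant only takes effect for the groups or applications that admin is assigned to manage, per the `*` and `^` footnotes.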