The Group Admin Role

The Group Administrator role stands apart from the other adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. roles because it allows for increased administrative control. While this role performs mainly user-related tasks (create usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control., deactivate users, reset passwords, etc.), it can also be used restrict these tasks to a select group or groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. of Okta users. In essence, you can “delegate” permissions to a particular admin to manage a specific group.

Note: This feature only applies to groups created in Okta.

Uses for this role might be a franchise, where each location needs to silo and control their location-specific teams. Each franchise would need to create and manage their own data without affecting or being affecting by the others. Another example might be a company that owns many distinct product brands. One “umbrella” company owns them, but each brand has some homegrown and unique departments that have no relation to the other brands.

Guidance Structuring Okta Groups

Getting the most out of this role requires careful selection of Okta groups. The groups you create and choose should reflect your organization's structure or boundaries of control.

Another good practice is to grant one admin role per admin. Having said that, there are cases where customers might need to assign multiple administrator roles to a single admin. One example might be combining an AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. Admin role and a Group Admin role. Since the Group Admin is the only role defined by groups, adding the App Admin role can expand the admins view and edit permissions without compromising security issues. For this reason, Okta supports combining admin permissions.

Admins only receive notifications about locked-out users who are in the group, or groups that the admin manages.

For more information, see Administrators.

Top