Grant Admin privileges
Only Super admins can create admin users or grant admin privileges to existing users or groups.
You can assign admin privileges in two ways:
- Individually - Assign admin privileges to users one at a time, as needed. This works well if you only need to create a single or manageable number of admin accounts.
- Admin groups - Assign users to a group and then grant admin privileges to the entire group. This makes it easy to onboard large numbers of admins quickly. This is an Early Access feature.
The method for assigning admin privileges to individual users and to user groups is the same.
Onboarding large numbers of admins can be time-consuming. To make the process simpler, you can take advantage of groups. By creating a group for specific admin roles, you can then assign admin privileges to everyone in that group. You can assign admin privileges to an Okta group, AD group, or LDAP group.
Groups with group rules cannot be assigned an admin role. An admin is not allowed to use a group rule to assign users to Admin groups. This is to prevent delegated admins from erroneously increasing their own or other users' administrative privileges.
Note: Only Super admins are able to manage groups with administrative roles. Group admins cannot manage groups that have admin privileges assigned to them. If a Group admin is assigned access to a group that is later assigned an admin role, the Group admin will no longer be able to make any changes to the group or its members.
To assign admin privileges to a user or an Okta group:
- Navigate to Security > Administrators.
- Click Add Administrator or Add Administrator Group, depending on whether you are assigning privileges to an individual or a group.
- In the Grant administrator role field, begin typing the name of the user or group you want to assign admin privileges to and select the correct user or group from the search list.
- Select the administrator roles you want that user or group to have. You can assign multiple admin roles to an individual or group.
Note: Some admin roles require additional input to specify further privileges. For example, when assigning Application Admin privileges, you are prompted to select which applications or app instances that user can administer. Similarly, Help Desk admins can be granted access to all users or restricted to specific user groups.
- Click Add Administrator to complete the assignment.
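Before granting a role to a group, it helps to check the two constraints described above: whether the group is populated by a group rule, and which Group admins will lose control of it. The following pre-flight check is an added example, not Okta's code; the inventory layout, field names and sample data are assumptions constructed for illustration and do not reflect Okta's API or export format.

```python
"""Pre-flight check before granting an admin role to a group (added example)."""

# Constructed sample inventory; field names are assumptions for this example.
GROUPS = {
    "g-helpdesk": {"name": "Help Desk Tier 1", "members": ["alice", "bob"]},
    "g-contract": {"name": "Contractors", "members": ["carol"]},
}
# Group rules: each rule automatically assigns users to its target groups.
GROUP_RULES = [{"name": "Contractor auto-join", "targets": ["g-contract"]}]
# Existing Group admins and the groups each one is scoped to manage.
GROUP_ADMIN_SCOPES = {"dave": ["g-helpdesk", "g-contract"]}
# Admin roles already granted to users individually.
USER_ROLES = {"alice": ["Application Admin"]}


def preflight(group_id, roles):
    """Report what granting `roles` to the group would mean.

    - blocked_by_rules: group rules targeting this group; a group that is
      populated by a rule cannot be assigned an admin role.
    - group_admins_losing_control: Group admins scoped to this group, who can
      no longer manage it once it holds an admin role.
    - effective_roles: per member, individual roles plus the new group roles.
    """
    group = GROUPS[group_id]
    rules = [r["name"] for r in GROUP_RULES if group_id in r["targets"]]
    losing = sorted(
        admin for admin, scope in GROUP_ADMIN_SCOPES.items() if group_id in scope
    )
    effective = {
        user: sorted(set(USER_ROLES.get(user, [])) | set(roles))
        for user in group["members"]
    }
    return {
        "group": group["name"],
        "allowed": not rules,
        "blocked_by_rules": rules,
        "group_admins_losing_control": losing,
        "effective_roles": effective,
    }


if __name__ == "__main__":
    for gid in GROUPS:
        print(preflight(gid, ["Help Desk Admin"]))
```

Reviewing the `effective_roles` output before completing the assignment shows which members would end up holding more than one admin role through the combination of individual and group grants.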