Grant Admin privileges
[ breadcrumb, e.g., Settings > Customization]
[ current version ]
Only Super admins can create adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. or grant admin privileges to existing users or groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
You can assign admin privileges in two ways:
- Individually - Assign admin privileges to users one at a time, as needed. This works well if you only need to create a single or manageable number of admin accounts.
This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it use the Early Access Feature Manager as described in Manage Early Access Features.
- Admin groups - Assign users to a group and then grant admin privileges to the entire group. This makes it easy to onboard large numbers of admins quickly. This is an Early Access feature.
The method for assigning admin privileges to individual users and to user groups is the same.
Onboarding large numbers of admins can be time consuming. To make the process simpler, you can take advantage of groups. By creating a group for specific admin roles, you can then assign admin privileges to everyone in that group. You can assign admin privileges to an Okta group, AD group or LDAP group.
By leveraging rules-based logic to assign users to those admin groups, large numbers of users can be assigned admin privileges swiftly and accurately. For details, see Using Groups and Using group membership rules
To assign admin privileges to a user or an Okta group:
- Navigate to Security > Administrators.
- Click Add Administrator or Add Administrator Group, depending on whether you are assigning privileges to an individual or a group.
- In the Grant administrator role field, begin typing the name of the user or group you want to assign admin privileges to and select the correct user or group from the search list.
- Select the administrator roles you want that user or group to have. You can assign multiple admin roles to an individual or group.
Note: Some admin roles require additional input to specify further privileges. For example, when assigning Application Admin privileges, you are prompted to select which applications or appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. instances that user can administer. Similarly, Help Desk admins can be granted access to all users or restricted to specific user groups.
- Click Add Administrator to complete the assignment.