Grant admin privileges
You can assign adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. privileges to individuals or to groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
Individual assignments are better for a manageable number of admin accounts. When you assign admin privileges to individuals, you do so one at a time, whenever necessary. Admin groups work better when you need to onboard a large number of admins quickly. Assign those admins to one group, and then grant admin privileges to that group. You can assign admin privileges to Okta groups, AD groups, and LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. groups.
The method for assigning admin privileges to individual users and to groups is the same.
- In Admin Console, go to Security > Administrators.
- Click Add Administrator or Add Administrator Group, depending on whether you are assigning privileges to an individual or a group.
- In the Grant administrator role field, begin typing the name of the user or group you want to assign admin privileges to and select the correct user or group from the search list.
- Select the administrator roles you want that user or group to have. You can assign multiple admin roles to an individual or group.
- Click Add Administrator to complete the assignment.
Note: Some admin roles require additional input to specify further privileges. For example, when assigning Application Admin privileges, you are prompted to select which applications or appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. instances that user can administer. Similarly, Help Desk admins can be granted access to all users or restricted to specific user groups.
- Super adminThe super admin receives full access to every item in the Administrative Console and is the only role that can assign administrator roles to other user accounts. Accounts with other administrator role assignments have reduced functionalities to different permission sets. Contact Okta support to create an Okta Mastered account with Super Admin rights. is the only role that can manage users or groups with admin privileges.
- Group admins lose their permissions if their group is assigned admin privileges. Only the super admin can make changes to the group or its members.
- Admin roles can't be assigned to groups with more than 5,000 members.
- Group rules don't work with admin groups. This prevents delegated admins from erroneously increasing their or other user's administrative privileges.