App Admin role

The App adminAn app admin can be granted access to all instances of an app, or just specific instances of that application. This allows for more granular access control. role can be used to restrict adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. access to specific apps or instances of an application. AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. admins can add and configure applications, assign applications to end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins., and create users via an app import.

Okta distinguishes between an application and the instances of that application. An app admin can be granted access to all instances of an app, or just specific instances of that application. This allows for more granular access control.

Super Admin can navigate to Security > Administrators to assign applications or specific instances of applications to App Admins. To distinguish between an application and its instances, Okta refers to the application as the "app" and the instances of that application are called "app instances". For example, Workday would be the App, and each instance of Workday would be referred to as an "app instance".

Note: If you assign a specific instance to an app admin and then later try to assign access to the overall app, an error message displays to warn you of the conflicting permissions. An app admin should not have restricted access to only one specific instance but also be assigned access to the entire app type.

For more information, see Administrators.

Top