App admin role

The app admin role can be used to restrict admin access to specific apps or instances of an application. App admins can add and configure applications, assign applications to end users, and create users via an app import.

Okta distinguishes between an application and the instances of that application. An app admin can be granted access to all instances of an app, or just specific instances of that application. This allows for more granular access control.

Super admins can navigate to Security > Administrators to assign applications or specific instances of applications to app admins. To distinguish between an application and its instances, Okta refers to the application as the "app" and the instances of that application are called "app instances". For example, Workday would be the App, and each instance of Workday would be referred to as an "app instance".

Note: If you assign a specific instance to an app admin and then later try to assign access to the overall app, an error message displays to warn you of the conflicting permissions. An app admin should not have restricted access to only one specific instance but also be assigned access to the entire app type.

For more information, see Administrators.