Group membership admin role

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features .

The group membership admin role grants permission to view all users in an org and manage the membership of specific groups.

The group membership admin role can be a standalone assignment for admins who need to add and remove users in a group, or it can be combined with a role like group admin or help desk admin for broader user management permissions. These combinations enable an admin to add, remove, and deactivate existing users, reset their passwords, and change their MFA.

Note: Group membership admins can't modify the membership of admin groups. Only super admins can grant admin privileges to a user.

To assign the group membership admin role:

  1. In the Admin Console, go to Security > Administrators.
  2. Click Add Administrator.
  3. In the Grant administrator role to field, enter the admin’s name.
  4. Select Group Membership Admin.
  5. Choose one of the following Group Membership Admin Permissions:
    • Can administer all group memberships
    • Can administer group memberships in specific groups: Enter the names of the Okta groups whose membership can be managed by this admin. Remember that you can't assign a group membership admin to admin groups.
  6. Click Add Administrator.

Edit an administrator

On the Security > Administrator page, select the pencil icon to edit an administrator or the X icon to delete an administrator. If you delete an administrator, you revoke all administrator privileges but do not delete the individual user.