Configure help desk admins

Super admins can assign the help desk admin role to a user and scope that role to a group. See About help desk administrators.

  1. In the Admin Console, go to Security > Administrators.

  2. Click Add Administrator. In the resulting dialog box, do the following:

    1. Type an administrator name into the Grant Administrator Role to field.
    2. Select the Help Desk Administrator role.
    3. Select Can administer user in specific groups (recommended).
    4. Type in the group name of the Okta groups the admin will control. You can also select Active Directory (AD) or LDAP groups in addition to Okta groups. This allows you to assign specific AD or LDAP groups for the Help Desk admin to handle.

Configure help desk admin for AD users

If you want your help desk administrator to perform operations on users that delegate authentication to AD, you’ll also have to configure the AD policy:

  1. In the Admin Console, go to Security > Authentication.

  2. Select Active Directory Policy.

  3. Edit the Legacy Rule to indicate that the user can change passwords.
  4. Click Update Rule.
  5. In the Admin Console, go to Applications >

Next step

Guidance for structuring Okta groups