Edit or revoke administrator permissions
Only super admins can edit or revoke another admin's permissions. However, you have to use the same method in which the admin was assigned. For example, if you assign a group of users the app admin permission, you can't revoke that permission from an individual user in the group. You need to revoke the permission from the entire group. Similarly, if a member of the application admin group was assigned their permission as an individual, revoking the group permission won't affect them. You need to revoke the individual permission.
If you only have one individually assigned super admin, you can’t edit or revoke their permissions. You must assign another individual as a super admin, and then edit or revoke the other’s permissions.
Org or group admins with user life-cycle privileges can deactivate super admins, which will revoke their role assignments. However, Okta always keeps the role assignment of the last individually assigned super admin active. If a super admin's assignment is revoked, the last super admin can reactivate them.
- In the Admin Console, go to Security > Administrators.
- In the Admin Types pane, filter admins by User or Group.
- To edit privileges, click the pencil icon in the admin or group's Actions column. Make your edits, and then click Update Administrator.
- To revoke privileges, click the X icon in the admin or group's Actions column. Confirm the deletion.