About third-party administrators

Third-party admins perform administrative actions without interacting with the Okta Admin Console. They don't receive Okta email notifications and can't contact Okta Support.

Third-party admin scenarios

Some organizations need to set up administrator roles in Okta for individuals who perform admin functions but are not direct employees of their organization. The parent organization may even create a custom portal for administrator functions, so that third-party admins do not even see the Okta interface.

Consider the following scenarios:

  • An org's support team outsources its services to a third party. This third party manages user needs on behalf of the org but does not actually see the Okta user interface.
  • An org uses a Business to Business to Consumer (B2B2C) model. A "hub-and-spoke" is set up with end customers (external users) created as admins so they can run their own Okta org. The org may offer a custom portal created with Okta APIs so these external users aren’t aware that they are admins in Okta.

If the external users in these scenarios are given traditional admin roles in Okta, they will receive default Okta admin emails like customer notifications, admin email alerts, and welcome messages. By giving these users third-party admin permissions, you can prevent them from interacting with the Admin Console, receiving Okta messages, or contacting Okta support.

See also

Configure third-party admins

Administrator comparison tables