About creating a customized admin role assignment

This is an Early Access feature. To enable it, go to Settings > Features in the Okta Admin Console and turn on Custom Administrator Roles.

An admin role assignment consists of the following components:

  • Admin: The user or the user group that you need to grant admin permissions to.

  • Role: A set of permissions that you constrain an admin to. There are two types of roles, standard and custom. You can create a maximum of 100 roles for an org. Currently, permissions are limited to managing user, group, and app activity only.

  • Resource set: A collection of resources. You can create a maximum of 10,000 resource sets and assign a maximum of 1,000 resources for each resource set. Currently, only user groups and apps in your org are considered as resources.

  • Resource sets are only available for custom admin roles.

  • You can only have 1,000 admins who have the same role and resource set combination constrained to them.

You can create a custom admin role assignment by beginning with either of these components.

While creating a custom admin role assignment, you can also:

  • Create an admin, role, and/or resource set.

  • Edit an existing assignment.

  • Delete an existing assignment.

Related topics

Best practices for creating a custom role assignment

About role permissions