Create a resource set

This is an Early Access feature. To enable it, go to Settings > Features in the Okta Admin Console and turn on Custom Administrator Roles.

Before you begin

Start this task

  1. In the Admin Console, go to Security > Administrators.

  2. Go to the Resources tab. The Resources tab displays a list of previously created resource sets and their descriptions. You can also edit the resource set from this page.

  3. Click Create new resource set. The Create new resource set page opens.

  4. In the Resource set name field, enter the name of the resource set. Choose a name that’s self-explanatory about the resources it includes.

  5. Optional. In the Resource set description field, enter a short description of the resource set.

  6. In the Add Resources section, enter the following values:

    Resource type

    Resource

    Value

    Comments

    User

    Add users from the following groups

    Enter group names to add all users from that group.

    Select the Constrain to all check box if you want the resource to be constrained to all users in the organization.

    Remember, when you constrain these resources to a role, the user permissions of the role will impact the resources and the admin can manage the users within the groups selected here. See About role permissions.

    Group

    Add groups

    Enter group names to constrain the resource to admins.

    Select the Constrain to all check box if you want the resource to be constrained to all groups in the organization.

    When used in an admin assignment that has group permissions in the role, this constrains what groups the delegated admin has group permissions on. See About role permissions.

    Application

    Add applications

    Enter application names to constrain the resource to admins.

    You can add apps and app instances as a resource.

    Select the Constrain to all check box if you want the resource to be constrained to all applications in the organization.

    Remember, when you constrain these resources to a role, the user and group permissions of the role will impact the resources and the admin can manage the apps selected here. See About role permissions.

  7. Click Save resource set. You can see the resource set you just created on the Resources tab.

Note

You can use Okta-sourced, AD-sourced, and LDAP-sourced groups as resources. However, the following permissions aren't applicable to AD-sourced and LDAP-sourced groups:

  • Create users

  • Manage users' authenticator operations

  • Edit users' profile attributes

  • Manage group membership

Next step

Create an admin assignment using a resource set