Create a resource set

Create a collection of your org's user groups, workflows, authorization servers, apps, and customizations. After you've created a resource set you can assign it to the admins and roles in your org.

Before you begin

• Ensure that you’re signed in as a super admin.

• See Best practices for creating a custom role assignment.

Start this task

1. In the Admin Console, go to SecurityAdministrators.

2. Go to the Resources tab. The Resources tab displays a list of previously created resource sets and their descriptions. You can also edit the resource set from this page.

3. Click Create new resource set. The Create new resource set page opens.

4. In the Resource set name field, enter the name of the resource set. Choose a name that’s self-explanatory about the resources it includes.

5. Optional. In the Resource set description field, enter a short description of the resource set.

6. In the Add Resources section, enter the following values:

   Resource type	Resource	Value	Comments
   Users	Add users from the following groups or realms	Enter group names or realm names to add all users from those groups.	Select Constrain to all users if you want the resource to be constrained to all users in the organization. Remember, when you constrain these resources to a role, the user permissions of the role will impact the resources and the admin can manage the users within the groups selected here. See About role permissions. Realms is an early access (EA) feature. Early Access release. See Enable self-service features.
   Groups	Add groups	Enter group names to constrain the resource to admins.	Select Constrain to all groups if you want the resource to be constrained to all groups in the organization. When used in an admin assignment that has group permissions in the role, this constrains what groups the delegated admin has group permissions on. See About role permissions.
   Applications	Add applications	Enter application names to constrain the resource to admins.	You can add apps and app instances as a resource. The resource will apply to all application and profile source permissions. See Best practices for creating a custom role assignment. Select Constrain to all applications if you want the resource to be constrained to all applications in the organization. You can select the app type (such as all Salesforce apps) or specific app instances.
   Workflows	Add delegated flows	Enter workflow names to constrain the resource to admins.	Select Constrain to all delegated flows if you want the resource to be constrained to all delegated flows in the organization.
   Customizations	All customizations	n/a	These admins can create and delete brands, add and manage custom domains, add and manage email domains, manage SMS, and configure general customization settings.
   Authorization server	Add authorization servers	Enter authorization server names to constrain the resource to admins.	Select the Constrain to all authorization servers check box if you want the resource to be constrained to all authorization servers in the organization. Admins can create new authorization servers only if their role is scoped to all authorization servers.
   Identity providers	All IdPs	n/a	These admins can add and manage all IdPs. Early Access release. See Enable self-service features.
   Devices	All devices	n/a	These admins can manage and view all devices. See Device lifecycle for more information about the operations that can be performed on devices. Early Access release. See Enable self-service features.
   Identity and access management	All identity and access management resources	n/a	These admins can view roles, resources, and admin assignments in the organization. Early Access release. See Enable self-service features.
   Realms	Add user from all realms or a specific realm	Select all realms or select a specific realm.	Early Access release. See Enable self-service features.

7. Click Save resource set. You can see the resource set you just created on the Resources tab.

8. Go to the Resources tab. The Resources tab displays a list of previously created resource sets and their descriptions. You can also edit the resource set from this page.
9. Click Create new resource set. The Create new resource set page opens.
10. In the Resource set name field, enter the name of the resource set. Choose a name that’s self-explanatory about the resources it includes.
11. Optional. In the Resource set description field, enter a short description of the resource set.
12. In the Add Resources section, enter the following values:

    Resource type	Resource	Value	Comments
    Users	Add users from the following groups	Enter group names to add all users from those groups.	Select Constrain to all users if you want the resource to be constrained to all users in the organization. Remember, when you constrain these resources to a role, the user permissions of the role will impact the resources and the admin can manage the users within the groups selected here. See About role permissions.
    Groups	Add groups	Enter group names to constrain the resource to admins.	Select Constrain to all groups if you want the resource to be constrained to all groups in the organization. When used in an admin assignment that has group permissions in the role, this constrains what groups the delegated admin has group permissions on. See About role permissions.
    Applications	Add applications	Enter application names to constrain the resource to admins.	You can add apps and app instances as a resource. The resource will apply to all application and profile source permissions. See Best practices for creating a custom role assignment. Select Constrain to all applications if you want the resource to be constrained to all applications in the organization. You can select the app type (such as all Salesforce apps) or specific app instances.
    Support Cases	Support cases opened by the admin	n/a	These admins can view, create, and manage the Okta support cases that they've opened. Early Access release. See Enable self-service features.
    Workflows	Add delegated flows	Enter workflow names to constrain the resource to admins.	Select Constrain to all delegated flows if you want the resource to be constrained to all delegated flows in the organization.
    Customizations	All customizations	n/a	These admins can create and delete brands, add and manage custom domains, add and manage email domains, manage SMS, and configure general customization settings.
    Authorization server	Add authorization servers	Enter authorization server names to constrain the resource to admins.	Select the Constrain to all authorization servers checkbox if you want the resource to be constrained to all authorization servers in the organization. Admins can create new authorization servers only if their role is scoped to all authorization servers.
    Identity providers	All IdPs	n/a	These admins can add and manage all IdPs. Early Access release. See Enable self-service features.
    Devices	All devices	n/a	These admins can manage and view all devices. See Device lifecycle for more information about the operations that can be performed on devices. Early Access release. See Enable self-service features.
    Identity and access management	All identity and access management resources	n/a	These admins can view roles, resources, and admin assignments in the organization.

13. Click Save resource set. You can see the resource set you just created on the Resources tab.

Next step

Create an admin assignment using a resource set