Work with the Resource set component

This is an Early Access feature. To enable it, go to Settings > Features in the Okta Admin Console and turn on Custom Administrator Roles.

A resource set is a collection of resources. Currently, only user groups and apps in your org are considered as resources.

You can:

  • Create a maximum of 10,000 resource sets and assign a maximum of 1,000 resources for each resource set.

  • Use resource sets to constrain permissions of a role to specific resources.

  • Constrain admins who have the same role assignment to different resource sets.

Note
  • Resource sets are only available for custom admin roles.

  • You can only have 1,000 admins who have the same role and resource set combination constrained to them.

Considerations

  • While you can use either Admin, Role, or Resource set components to create a role assignment, we recommend that you think about the role assignment from a resource-first perspective. It’s helpful to think which resources will be accessible to your admin and which roles should be granted to them.

    • You have a sensitive resource in your org and want to limit who can add users and groups to this resource. In this case, create a resource set first followed by the custom admin role assignment.

  • If you want an admin to be able to view all resources but only manage specific resources, create two separate role assignments for the admin. See Best practices for creating a custom role assignment

  • You can use Okta-sourced, AD-sourced, and LDAP-sourced groups as resources. However, the following permissions aren't applicable to AD-sourced and LDAP-sourced groups:

    • Create users

    • Manage users' authenticator operations

    • Edit users' profile attributes

    • Manage group membership

Resource set-specific tasks

Create a resource set

Edit a resource set

Create an admin assignment using a resource set