Work with the Role component

This is an Early Access feature. To enable it, go to Settings > Features in the Okta Admin Console and turn on Custom Administrator Roles.

A role is a set of permissions that you constrain an admin to. There are two types of roles, standard and custom. Currently, custom role permissions are limited to managing user, group, and app activity only.

If your organization needs delegated admins, you may need to create new roles. Create the role first and then create an admin assignment by selecting the users and resource set that you want to constrain the role to. You can create a maximum of 100 roles for an org.

  • You can’t create delegated admins using standard roles.

  • You can only have 1,000 admins who have the same role and resource set combination constrained to them.


  • If you want an admin to be able to view all resources but only manage specific resources, create two separate role assignments for the admin. See Best practices for creating a custom role assignment

  • You may have to assign several roles to an admin to constrain different permissions to different resource sets. See About role permissions.

  • We recommend that you manage standard role assignments that have more than 100 groups or apps assigned from the user or group's profile page for better load times.
    You can use the search bar on the Administrators page to search for the user or group. Alternatively, to navigate to:

    • User's profile, go to Directory > People and search for the user.

    • Group's profile, go to Directory > Groups and search for the group.

Role-specific tasks

Create a role

Edit a role

Create an admin assignment using a role