Limit the number of super admins
Admin roles allow you to control user access to a range of Okta functions. You can assign more than one role to an individual adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. if their job requires them to perform actions that span multiple roles. This role can create other admins, assign or remove permissions, and perform all other admin activities. The Super adminThe super admin receives full access to every item in the Administrative Console and is the only role that can assign administrator roles to other user accounts. Accounts with other administrator role assignments have reduced functionalities to different permission sets. Contact Okta support to create an Okta Mastered account with Super Admin rights. has the highest permissions of all admin roles.
For more information, see Super Admin role.
HealthInsight: Why is this task recommended?
This feature is a HealthInsight security task. For more security recommendations from Okta, see HealthInsight.
To ensure that orgThe Okta container that represents a real-world organization. admins are not assigned more permissions than necessary. Most orgs require only a few super admins.
To change admin privileges to a user or an Okta group:
- From the admin console, navigate to Security > Administrators.
- Under Admin Roles, select the Super filter to display only super administrators.
- Under Actions, click Edit next to each user entry. The Edit Administrator window is displayed.
- From the list of administrator roles, assign a role other than Super admin to the user.
- Click Update Administrator to continue.
- General Security
- Security Checklist
- Network Security
- Security Policies
- Multifactor Authentication