Limit the number of super admins

Admin roles allow you to control user access to a range of Okta functions. You can assign more than one role to an individual admin if their job requires them to perform actions that span multiple roles. The Super admin role has the highest permissions of all admin roles. It can create other admins, assign or remove permissions, and perform all other admin activities.

For more information, see Super Admin role.

 

HealthInsight: Why is this task recommended?


This feature is a HealthInsight security task. For more security recommendations from Okta, see HealthInsight.

This task helps ensure that org admins are not assigned more permissions than necessary. Most orgs require only a few super admins.

Security impact: Critical

End-user impact: None

Okta recommends: Limit super admin assignments to users who require super admin access. An org should not have more than 15 super admins.

  • All other admins should have only the permissions required for their role.
  • Plan for a recurring assessment of all admin privileges to ensure these best practices are met.
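
One way to script the recurring assessment, as an added example that is not Okta's own code: it counts distinct super admins in an exported list of role assignments, including users who hold the role through a group, and compares the total with the limit of 15. The record layout, the sample names, and the function review_super_admins are assumptions made for this example.

```python
from collections import defaultdict

SUPER_ADMIN = "SUPER_ADMIN"  # role type value for the Super admin role
MAX_SUPER_ADMINS = 15        # ceiling from the recommendation above

# Constructed sample export (not real data). Field names are assumptions.
ASSIGNMENTS = [
    {"principal": "alice@example.com", "kind": "USER", "role": "SUPER_ADMIN"},
    {"principal": "Bob@example.com", "kind": "USER", "role": "SUPER_ADMIN"},
    {"principal": "dave@example.com", "kind": "USER", "role": "ORG_ADMIN"},
    {"principal": "Platform-Admins", "kind": "GROUP", "role": "SUPER_ADMIN"},
    {"principal": "Break-Glass", "kind": "GROUP", "role": "SUPER_ADMIN"},
]
GROUP_MEMBERS = {"Platform-Admins": ["bob@example.com", "carol@example.com"]}


def review_super_admins(assignments, group_members, limit=MAX_SUPER_ADMINS):
    """Return distinct super admins, how each got the role, and limit status."""
    paths = defaultdict(set)   # login -> {"direct", "group:<name>", ...}
    unresolved = set()         # groups granting the role with no member list
    for a in assignments:
        if a["role"] != SUPER_ADMIN:
            continue
        if a["kind"] == "GROUP":
            members = group_members.get(a["principal"])
            if members is None:
                unresolved.add(a["principal"])
                continue
            for login in members:
                paths[login.lower()].add("group:" + a["principal"])
        else:
            paths[a["principal"].lower()].add("direct")
    return {
        "count": len(paths),
        "over_limit": len(paths) > limit,
        "holders": {u: sorted(p) for u, p in sorted(paths.items())},
        "unresolved_groups": sorted(unresolved),
    }


if __name__ == "__main__":
    report = review_super_admins(ASSIGNMENTS, GROUP_MEMBERS)
    print(f"{report['count']} super admins (limit {MAX_SUPER_ADMINS})")
    for user, via in report["holders"].items():
        print(f"  {user}: {', '.join(via)}")
    for group in report["unresolved_groups"]:
        print(f"  group {group}: membership unknown, review manually")
```

A user who appears both directly and through a group is counted once, and a group whose membership was not exported is reported separately so it is not silently counted as zero.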

 

 

Procedure


To change the admin privileges of a user or an Okta group:

  1. From the admin console, navigate to Security > Administrators.
  2. Under Admin Roles, select the Super filter to display only super administrators.

  3. Under Actions, click Edit next to each user entry. The Edit Administrator window is displayed.
  4. From the list of administrator roles, assign a role other than Super admin to the user.
  5. Click Update Administrator to continue.

 
