Configure the issue viewer role

The issue viewer role allows users to monitor security issues without making changes. It's designed for team members who need visibility into your org's security posture but shouldn't modify settings or take actions. Consider assigning this role to application security analysts, security team practitioners, or auditors.

This role enforces least privilege through two restrictions:

  • Read-only permissions: Analysts can't modify configurations, dismiss findings, or change security settings.
  • Limited source access: Super admins can grant access only to specific sources, so analysts see only what's relevant to their role.

This approach minimizes risk by restricting both what users can do and what data they can access.

Before you begin

  • Ensure that ISPM is integrated with Okta for your org.
  • You must have the super admin role mapped to a group in ISPM.
  • You must be a super admin or org admin in Okta to create groups.
  • The group that you're assigning the issue viewer role to must be assigned to the ISPM SSO app.

Assign the issue viewer role to a group in ISPM

  1. In the ISPM console, go to Settings > Role assignment.
  2. Click Assign group roles.
  3. Enter a group name.
  4. From the Roles dropdown menu, select Issue viewer.
  5. In the Visible sources dropdown menu, select the apps that the group can access.
  6. Click Assign role.

Create a group in Okta

  1. In the Okta Admin Console, go to Directory > Groups.
  2. Click Add Group.
  3. In the Name field, enter the same group name that you used for mapping the role. If these group names don't match, users can't access the ISPM console.
  4. Optional. Enter a description for the group in the Description field.
  5. Click Save.

Assign the group to the Okta ISPM - SSO OIDC app

  1. In the Okta Admin Console, go to Applications > Applications.
  2. In the Search field, enter Okta ISPM - SSO OIDC.
  3. Click the app name and select the Assignments tab.
  4. Click Assign, and then select Assign to Groups.
  5. Locate the group that you created and click Assign.
  6. Complete the fields in the Assign Okta ISPM - SSO OIDC to Groups dialog if it appears.
  7. Click Save and go back.
  8. Click Done.
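
The three procedures above must agree on one group name, and the group must be assigned to the SSO app. The following preflight check is an added example, not Okta's code or an ISPM API: the data shapes, group names, and source names are constructed, and it assumes you have collected the ISPM role mappings, Okta group names, and SSO app group assignments yourself.

```python
"""Preflight check for issue viewer group setup (added example, constructed data)."""

def normalize(name):
    # Collapse case and whitespace to spot near-miss names (likely typos).
    return " ".join(name.split()).casefold()

def check_mappings(ispm_mappings, okta_groups, sso_app_groups):
    """Return (group, problem) findings for each ISPM role mapping.

    ispm_mappings: dicts with "group", "role", "visible_sources" (hypothetical shape)
    okta_groups: set of group names that exist in Okta
    sso_app_groups: set of group names assigned to the ISPM SSO app
    """
    by_norm = {}
    for g in okta_groups:
        by_norm.setdefault(normalize(g), []).append(g)
    findings = []
    for m in ispm_mappings:
        name = m["group"]
        if name not in okta_groups:
            # Assumption: names must match exactly, so a near miss still fails.
            near = sorted(by_norm.get(normalize(name), []))
            if near:
                findings.append((name, f"name mismatch: Okta has {near[0]!r}"))
            else:
                findings.append((name, "no Okta group with this name"))
            continue
        if name not in sso_app_groups:
            findings.append((name, "group not assigned to the SSO app"))
        if m["role"] == "Issue viewer" and not m["visible_sources"]:
            findings.append((name, "no visible sources selected"))
    return findings

# Constructed sample data; group and source names are placeholders.
SAMPLE_ISPM = [
    {"group": "ISPM-Issue-Viewers", "role": "Issue viewer", "visible_sources": ["source-a"]},
    {"group": "AppSec Analysts", "role": "Issue viewer", "visible_sources": ["source-b"]},
    {"group": "Auditors", "role": "Issue viewer", "visible_sources": []},
    {"group": "Contractors", "role": "Issue viewer", "visible_sources": ["source-a"]},
]
SAMPLE_OKTA_GROUPS = {"ISPM-Issue-Viewers", "appsec analysts", "Auditors"}
SAMPLE_SSO_APP_GROUPS = {"ISPM-Issue-Viewers"}

if __name__ == "__main__":
    for group, problem in check_mappings(SAMPLE_ISPM, SAMPLE_OKTA_GROUPS, SAMPLE_SSO_APP_GROUPS):
        print(f"{group}: {problem}")
```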

Related topics

Configure super admin