Help desk administrators

Help desk administrators have a fixed set of common help desk actions. Assigning a help desk admin is a strategic security measure because it prevents you from granting unnecessary permissions to help desk personnel.

Help desk admins are useful in the following scenarios:

• You have a single help desk that does not need excessive permissions to perform the role.
• You have a Tier 1 IT that handles high volume account transactions such as password resets.
• Your organization has branches, brands, or franchises that have separate IT teams.
• You have business units that need to perform actions on just their own users.
• You have outsourced service vendors that need to perform actions on just their own users.

Help desk admins have these fixed permissions:

• Reset password
• Create a temporary password for users in a Pending status using "set password and activate" button
• Reset Multifactor Authentication
• Unlock account
• Clear user session
• View user profiles in the groups to which the admin has been assigned

A help desk admin can perform these actions on all users or on select groups of users. For more granular administrative control, you can assign the help desk admin to a select group of users and prevent them from even viewing users outside of their group.

Help desk admins can't performing the following actions:

• Create and activate users
• Suspend and delete users
• Assign users to apps or groups
• Initiate Okta directory specific actions
• View or modify users outside the assigned group(s)
• Create API tokens

Related topics

Configure help desk administrators

Standard administrator roles and permissions

Guidance for structuring Okta groups