Create a resource set

Create a collection of your org's user groups, Workflows, authorization servers, apps, and customizations. After you've created a resource set you can assign it to the admins and roles in your org.

Before you begin

Start this task

  1. In the Admin Console, go to SecurityAdministrators.
  2. Go to the Resources tab. The Resources tab displays a list of previously created resource sets and their descriptions. You can also edit the resource set from this page.
  3. Click Create new resource set. The Create new resource set page opens.
  4. In the Name field, enter the name of the resource set. Choose a name that describes the resources it includes.
  5. Optional. In the Description field, enter a short description of the resource set.
  6. Click Add Resources and select one or more resources.

    Resource type

    Resource

    Value

    Comments

    Users

    Add users from the following groups or realms

    Enter group or realm names to add all users from those groups.

    Select Constrain to all users if you want to constrain the resource to all users in the org.

    When you constrain these resources to a role, the user permissions of the role affect the resources. The admin can manage the users within the groups selected here. See Role permissions.

    Groups

    Add groups

    Enter group names to constrain the resource to admins.

    Select Constrain to all groups if you want the resource to be constrained to all groups in the org.

    When used in an admin assignment that has group permissions in the role, this constrains what groups the delegated admin has group permissions on. See Role permissions.

    Applications

    Add apps

    Enter app names to constrain the resource to admins.

    You can add apps and app instances as a resource. The resource applies to all app and profile source permissions. See Best practices for creating a custom role assignment.

    Select Constrain to all applications if you want the resource to be constrained to all apps in the organization.

    You can select the app type (such as all Salesforce apps) or specific app instances.

    Workflows

    Add delegated flows

    Enter workflow names to constrain the resource to admins.

    Select Constrain to all delegated flows if you want the resource to be constrained to all delegated flows in the org.

    Customizations

    		All customizationsn/a

    These admins can create and delete brands, add and manage custom domains, add and manage email domains, manage SMS, and configure general customization settings.

    Authorization server

    Add authorization servers

    Enter authorization server names to constrain the resource to admins.

    Select the Constrain to all authorization servers checkbox if you want to constrain the resource to all authorization servers in the org.

    Admins can create authorization servers only if their role is scoped to all authorization servers.

    Support casesAll cases that the admin openedn/a

    These admins can manage the support cases that they've opened.

    Early Access release. See Enable self-service features.

    Identity ProvidersAll IdPsn/a

    These admins can add and manage all IdPs.

    Follow these steps to add an IdP:

    1. Click Select identity providers.
    2. Click in the Search for identity providers field and start entering the name of an IdP.
    3. Select the checkbox beside each IdP that you want to add.
    4. Click Save selection. The IdPs you selected appear in the Resources section of the Create new resource set page.

    Follow these steps to edit an IdP:

    1. Click the pencil icon in the Resources section of the Create new resource set page.
    2. Clear the checkboxes for IdPs that you want to remove or click Remove all.
    3. To add new IdPs, click in the Search for identity providers field and start entering the name of an IdP.
    4. Select the checkbox beside each IdP that you want to add.
    5. Click Save selection.
    Devices All devicesn/a

    These admins can manage and view all devices. See Device lifecycle for more information about the operations that can be performed on devices.

    Identity and access management

    		All identity and access management resourcesn/a

    These admins can view roles, resources, and admin assignments in the org.

    Realms

    		Add user from all realms or a specific realmSelect all realms or select a specific realm.

    Early Access release. See Enable self-service features.

    Shared Signals Framework receiver

    		All SSF Receiversn/a

    Early Access release. See Enable self-service features.

    Policies

    		Entity risk policy or Session protection policyn/a

    Early Access release. See Enable self-service features.

  7. Click Save selection, and then click Create. The resource set you created appears on the Resources tab.
  8. Optional. Use conditions to exclude resources from a resource set. See Resource set conditions.

Early Access release. See Enable self-service features.

You can use Okta-sourced, AD-sourced, and LDAP-sourced groups as resources. However, the following permissions aren't applicable to AD-sourced and LDAP-sourced groups:

  • Create users
  • Manage users' authenticator operations
  • Edit users' profile attributes
  • Manage group membership

Next step

Create an admin assignment using a resource set