Requirements and limitations
Review the following before you use Okta Privileged Access:
- Users must install version 1.7.x or higher of the Okta Privileged Access client, server agent, and gateway. Okta Privileged Access doesn't provide the option for users to request group membership or for approvers to manage Okta group membership by approving requests. However, Okta Identity Governance customers can manage group membership for groups assigned PAM admin, security admin, or resource admin roles using Okta Privileged Access with Access Requests.
- Use of Okta Credential Provider for Windows with Okta Privileged Access isn't supported.
- To provide access to server resources, teams must allow traffic through various network ports. See Okta Privileged Access port requirements.
- The following are the current maximum limits for various items in Okta Privileged Access:
Security policy

| Configuration items | Maximum |
| --- | --- |
| Security policies per team | 250 |
| Rules per policy | 30 |
| Sudo command bundles per rule | 10 |
| Labels selectors per rule | 10 |
| Principals per policy. Maximum for user and group entries. | 40 |

Resource administration

| Configuration items | Maximum |
| --- | --- |
| Resource groups per team | 100 |
| Projects per team | 10,000 |

Secrets

| Configuration items | Maximum |
| --- | --- |
| Top-level folders team-wide | 250 |
| Secret size | 64KB |
| Nested folders | 50 levels deep |
| Key name | 255 characters |
| Secret and folder names | 255 characters |

Secrets may not be used to store any unlawful or infringing material, controlled or classified information, or any other data that is not permitted to be entered into the Service by Okta's Master Subscription Agreement.

Entitlement analysis and discovery

| Configuration items | Maximum |
| --- | --- |
| Cloud connections per team | 3 |
| Entitlement analysis jobs per team | 3 |
| IaaS account per entitlements analysis job | 10 |
| Max number of AWS IAM Identity Center users | 500 |