Users and Groups administration
When an Okta Privileged Access team is created, two user groups are automatically created: everyone and owners. The first user, who creates the Okta Privileged Access team, is added to the owners group. The owners group grants them the PAM administrator role. Users with the PAM administrator role can then create groups and add users to the group. Any user who is added to the Okta Privileged Access team after the first user is an end user and is added to the everyone group, unless they're granted other roles.
The PAM admin is the only role that can assign other roles. They can assign roles to groups provisioned to Okta Privileged Access using Okta SCIM functionality or to groups that are created locally.
Users
You can find the list of registered users and service users for the team under the on the Okta Privileged Access dashboard. By clicking a user, you can see more details such as their group membership, user attributes, or a service user's API key. PAM admins can disable or delete a service user from the Details page. See Service users.
You can only associate users with a maximum of 20 groups that are linked to a single project. However, a user can belong to more than 20 groups as long as no more than 20 of those groups are tied to any one project.
Groups
Groups help organize collections of users, allowing you to easily grant them access to the servers in a project or administrative privileges on your team. See Groups for details.