Requirements
Early Access release
The following are current requirements and scale limits for various items in realms.
Required feature
Okta Identity Governance is required for realms. See Okta Identity Governance for more information.
Object segmentation
-
Users must belong to a realm, but groups and apps exist independently of realms.
-
Groups, apps, servers, and devices can't be scoped to a particular realm. These are available at the org level.
-
Group rules can't be defined with the scope of users in a realm.
-
Identity providers can't belong to a realm. They are at the org level.
Scale limits
| Configuration per org Maximum | Maximum |
|---|---|
| Realms | 500 |
| Realm assignments | 500 |
| Profile source | 10 per realm |
Permissions
Creation and management of realm assignments can only be delegated to custom admins who have access to all realms.
Policies
-
Only authentication policy rules can be scoped to users in a realm through the Okta Expression Language.
-
Global Session Policies can't be scoped to users in a realm.
Governance
-
Access Certifications campaigns and Entitlement Management policies can be scoped to realms only through the Okta Expression Language.
-
Access Requests aren't supported in realms.