Manage realms

Early Access release

Realms enable efficient management of user populations within a single organization. With realms, you can partition users in the Universal Directory while allowing them to share resources. Each realm consists of users stored and managed separately within an Okta org. Realms let you delegate the administration of users and groups to external collaborators or business units.

You can use Workflows and APIs for managing tasks that occur repeatedly, such as creating a realm, adding or moving users, and performing other repetitive actions. You can also use the Okta Expression Languageto scope Access Certifications campaigns and Entitlement Management policies to users in single or multiple realms.

Okta Identity Governance is required for realms. See the Identity Governance section for more information.

Roles and permissions

Role Description
Super admin Can create or delete a realm.
Org admin Can create or delete a realm.
Delegated realm admin Realms don't have an admin by default. A custom admin role must be created to assign permissions to manage realms and users within those realms. Custom admins can manage users, assign apps to users through groups, and review which groups and apps are assigned to the realm. Custom admins with All Realms assigned to them as a part of the resource set can also create or delete realms.
User Realm users can access applications assigned to them by the realm admin. Users can only exist in one realm at a time.

Related topics

Get started with realms


Create realms

Delegate realm management

Manage realm users

Realm assignments

Realms with Okta Identity Governance

Use Workflows to manage realms

API docs