Configure workload roles

Workload roles define who can access resources in Okta Privileged Access and act as principals in security policies. These roles group multiple unique, ephemeral workloads into a single logical identity based on shared characteristics.

Before you begin

Create a workload role

Complete the following steps to create a workload role.

  1. On the Okta Privileged Access dashboard, go to Security Administration > Workload roles.

  2. Enter a Name and Description.

  3. Complete the workload role requirements:

    1. Select a workload connection.

    2. Optional. Click Filter with additional conditions, and then enter a Source field name, select an Operator, and enter a Value.

      Okta recommends inspecting your JWT using a debug script or jwt.io.

    3. Optional. Click Add a condition, and then repeat the preceding steps.

  4. Optional. Click Add a requirement, and then repeat the preceding steps.

  5. Click Save Workload role.
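
A debug script of the kind recommended in step 3, as an added example (not Okta's code): it decodes a JWT locally, so the live token is never pasted into a website, lists the candidate Source field names, and reports which conditions the token would fail. The operator names, the dotted names for nested claims, and the sample token are assumptions constructed for illustration.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token):
    """Return the payload WITHOUT verifying the signature (inspection only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    return json.loads(b64url_decode(parts[1]))

def flatten(claims, prefix=""):
    """Flatten nested claims to dotted names (a naming assumption of this sketch)."""
    flat = {}
    for key, value in claims.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat

# Hypothetical operator names; substitute the ones the console offers.
OPERATORS = {
    "equals": lambda actual, expected: str(actual) == expected,
    "starts_with": lambda actual, expected: str(actual).startswith(expected),
}

def unmet_conditions(claims, conditions):
    """Return the (field, operator, value) tuples this token would not satisfy."""
    flat = flatten(claims)
    return [(f, op, v) for f, op, v in conditions
            if f not in flat or not OPERATORS[op](flat[f], v)]

def make_sample_token():
    # Constructed token with a placeholder signature, for demonstration only.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"iss": "https://issuer.example", "sub": "workload:build/app-1",
               "aud": "example-audience", "job": {"environment": "production"}}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    for name, value in sorted(flatten(decode_claims(make_sample_token())).items()):
        print(f"{name} = {value!r}")
```

The script only reads claims and does not validate the signature, so use it to choose field names and values, not to decide whether a token is trustworthy.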

After creating the workload role, you must integrate it into the Okta Privileged Access policy engine to grant access to resources. Once the policy is published, the automated workload can execute the authentication and access sequence.

Related topics

Security policy

Get started