Users must install version 1.7.x or higher of Okta Privileged Access client, server agent, and gateway. Okta Privileged Access doesn't provide the option for users to request group membership or for approvers to manage Okta group membership by approving requests. However, Okta Identity Governance customers can manage group membership for groups assigned PAM admin, security admin, or resource admin roles using Okta Privileged Access with Access Requests.

The following are the current maximum limits for various items in Okta Privileged Access:

Security policy

Configuration items Maximum
Security policies per team 250
Rules per policy 30
Labels selectors per rule 10
Principals per policy. Maximum for user and group entries. 40

Resource administration

Configuration items Maximum
Resource groups per team 100
Projects per team 10,000


Configuration items Maximum
Top-level folders team-wide 250
Secret size 64KB
Nested folders 50 levels deep
Key name 255 characters
Secret and folder names 255 characters

Secrets may not be used to store any unlawful or infringing material, controlled or classified information, or any other data that is not permitted to be entered into the Service by Okta’s Master Subscription Agreement.

Entitlement analysis and discovery

Configuration items Maximum
Cloud connections per team 3
Entitlement analysis jobs per team 3
IaaS account per entitlements analysis job 10
Max number of AWS IAM Identity Center users 500

Related topics

Set up Okta Privileged Access

Security administration

Resource administration

Cloud infrastructure entitlements