Users and Groups administration

When an Okta Privileged Access team is created, two user groups are automatically created: everyone and owners. The first user who creates the Okta Privileged Access team is added to the owners group. The owners group grants the PAM administrator role. Users with the PAM administrator role can then create groups and add users to the group. Any user who is added to the Okta Privileged Access team after the first user is an end user and are added to the everyone group, unless they are granted other roles.

The PAM admin is the only role that can assign other roles. They can assign roles to groups provisioned to Okta Privileged Access using Okta SCIM functionality or to groups that are created locally.


You can find the list of registered users for the team under the DirectoryUsers on the Okta Privileged Access dashboard. By clicking a user, you can see the groups that they're part of and their roles in those groups. PAM admins can disable or delete a user from the Details page.


Groups help organize collections of users, allowing you to easily grant them access to the servers in a project or administrative privileges on your team. See Groups for details.

Related topics


Roles and permissions