Users and Groups administration

When an Okta Privileged Access team is created, two user groups are automatically created: everyone and owners. The first user, who creates the Okta Privileged Access team, is added to the owners group. The owners group grants them the PAM administrator role. Users with the PAM administrator role can then create groups and add users to the group. Any user who is added to the Okta Privileged Access team after the first user is an end user and is added to the everyone group, unless they're granted other roles.

The PAM admin is the only role that can assign other roles. They can assign roles to groups provisioned to Okta Privileged Access using Okta SCIM functionality or to groups that are created locally.


You can find the list of registered users and service users for the team under the DirectoryUsers on the Okta Privileged Access dashboard. By clicking a user, you can see more details such as their group membership, user attributes, or a service user's API key. PAM admins can disable or delete a service user from the Details page. See Service users.


Groups help organize collections of users, allowing you to easily grant them access to the servers in a project or administrative privileges on your team. See Groups for details.

Related topics


Service users

Roles and permissions