Organization administrators (org admins) have org-wide permissions for most user management and policy settings. While org admin permissions are frequently combined with the app admin permissions to set up social authentication, we recommend combining them with a custom role for more granular access control.
Org admin restrictions
Org admins have many of the same permissions as super admins, with a few exceptions. Org admins can't perform the following actions:
- Grant access to Okta Support
- Add, remove, and view administrators
- Manage applications
- Manage authorization servers
- Manage profile mappings
- Manage hooks
- Create OIDC apps
- Enable MFA for the Admin Console
- Enable self service registration
- Enable Early Access and beta features
For a complete view of all of the permissions that are granted and excluded from this role, see Administrator comparison tables.