Set up partner admins for Secure Partner Access
Early Access release
To grant partner admins management permissions to a Secure Partner Access portal, you must complete the following:
Restrict access to the Okta Admin Console
Okta admins have access to the Okta Admin Console by default. However, some admins, such as Secure Partner Access portal admins, may not require access to the Admin Console. As a super admin, you can allow or deny a partner admin access to the Admin Console. You can remove the Admin Console app from partner admins who don't need access while retaining their admin privileges for the portal that they're assigned.
If partner admins were created before access to the Okta Admin Console was restricted, the Admin Console will still be assigned to them. You must manually remove the partner admins from the Admin Console. Restricting access to Admin Console only applies to admins created after configuring the admin role assignment.
To restrict Admin Console access, follow the steps in Restrict access to the Admin Console.
Customize your partner admin roles
When Secure Partner Access is enabled in your org, the page in the Admin Console displays a default Partner admin role. The role has all the permissions that partner admins need to manage a portal. You can modify the permissions for this role, but Okta recommends that you don't add any additional permissions.
See Role permissions to see the permissions that are granted to the role. To modify the role, follow the steps in Edit a role.
Assign users to the role
To delegate permissions to a partner admin, you must complete the following tasks:
-
Create a resource set. Add the realms that are part of the resource set. Okta doesn't recommend adding Secure Partner Access users to partner realms, as partner admins have management rights over those realms.
-
Create an admin assignment using the Partner admin role:
For additional information about the permissions you can grant to partner admins, see Secure Partner Access permissions.