Set up partner admins for Secure Partner Access

Early Access release

To grant partner admins management permissions to a Secure Partner Access portal, you must complete the following:

• Restrict access to the Okta Admin Console

• Customize your partner admin roles

• Assign users to the role

Restrict access to the Okta Admin Console

Okta admins have access to the Okta Admin Console by default. However, some admins, such as Secure Partner Access portal admins, may not require access to the Admin Console. As a super admin, you can allow or deny a partner admin access to the Admin Console. You can remove the Admin Console app from partner admins who don't need access while retaining their admin privileges for the portal that they're assigned.

If partner admins were created before access to the Okta Admin Console was restricted, the Admin Console will still be assigned to them. You must manually remove the partner admins from the Admin Console. Restricting access to Admin Console only applies to admins created after configuring the admin role assignment.

Before you begin

There are several important things to note when using this feature:

• Super admins are always granted access to the Admin Console, even when this feature is enabled.

• Some email notifications refer to the Admin Console, even for admins who don't have access to the app.

• If you change your settings for this feature, existing admin role assignments aren't impacted.

Start the task

1. In the Admin Console, go to SecurityAdministrators.

2. Go to the Settings tab.

3. Click Edit next to Admin settings.

4. Select an option:

   • Automatically assign Okta Admin Console (default): Admins are automatically granted access to the Admin Console when they're assigned an admin role.

   • Super admin assigns Okta Admin Console: Admins don't have access to the Admin Console unless a super admin assigns it to them manually.

5. Click Save.

To assign the Admin Console app to an admin, follow the steps in Assign app integrations.

Customize your partner admin roles

When Secure Partner Access is enabled in your org, the AdministratorsRoles page in the Admin Console displays a default Partner admin role. The role has all the permissions that partner admins need to manage a portal. You can modify the permissions for this role, but Okta recommends that you don't add any additional permissions.

See Secure Partner Access permissions to see the permissions that are granted to the role. To modify the role, follow the steps in Edit a role.

Assign users to the role

To delegate permissions to a partner admin, you must complete the following tasks:

• Create a resource set. Add the realms that are part of the resource set.

• Create an admin assignment using the Partner admin role:

  • Create an admin assignment using a resource set

  • Create an admin role assignment using an admin

  • Create an admin assignment using a role

Related topics

Secure Partner Access permissions

Manage Secure Partner Access