User classification
Early Access release
When you create a user in the Admin Console, their default classification is standard user. You can change their classification to lite user if you want to create a unique identifier for your business partners.
Assigning the lite user classification to a Secure Partner Access user in the Admin Console lets your partners manage those users through the Partner Admin Portal. You can add all partner users as lite users, or create accounts for partner admins as lite users and give them the admin role. Partner admins can then create users in the Partner Admin Portal.
If your org has the user classification feature enabled, all users created in the Partner Admin Portal are classified as lite users. Lite users continue to have access to the Okta End-User Dashboard.
Requirements and limitations
-
Lite users can be assigned up to five apps. This doesn't include Okta first-party apps. If an admin assigns any additional apps to these users, the assignment fails.
-
The total number of apps assigned to lite users is determined by the count of unique apps assigned to them. For example, if a user has 10 instances of Salesforce assigned, they only count as one app towards the limit of five.
-
Lite users have to authenticate into Okta through external or social IdPs, such as SAML 2.0, OIDC Google, or LinkedIn. Lite users can’t use an Okta username and password to authenticate into your org. If an appropriate IdP isn't configured for your partner, users can't authenticate.
-
Lite users can’t authenticate with Active Directory or LDAP delegated authentication.
-
Ensure that lite users are assigned to the appropriate partner realm. Lite users can be managed by partner administrators within the Partner Admin Portal only if they're part of the associated realm.