Administrators (or Admins) are Okta users with permission to access the Okta administration application. You can grant Admins access to all sections of the application, or limit their access to only certain apps.
To add an administrator, do the following:
The table below details the permissions granted to each role. Please note the following:
EA — Early Access features require enablement from Okta Support.
* Permissions apply only to groups that the Group Admin is allowed to manage.
** Can create new users in groups that Group Admin manages.
^ Permissions apply only to applications the App Admin is allowed to manage. You cannot specify individually created Template apps. Instead, you must choose the entire Template class; for example Template SAML 2.0. Also, App Admins cannot edit VPN Notifications settings for VPN-required apps.
+ To complete the end-to-end scenario for setting up social authentication you must
App Administrator role
This is an Early Access feature. To enable it use the Early Access Feature Manager as described in Manage Early Access Features.
Okta distinguishes between an application and the instances of that application. An app admin can be granted access to all instances of an app, or just specific instances of that application. This allows for more granular access control.
Super Admins can navigate to Security > Administrators to assign applications or specific instances of applications to App Admins. To distinguish between an application and its instances, Okta refers to the application as the "App" and the instances of that application are called "app instances". For example, Workday would be the App, and each instance of Workday would be referred to as an "app instance".
Note: If you assign a specific instance to an app admin and then later try to assign access to the overall App, an error message displays to warn you of the conflicting permissions. An app admin should not have restricted access to only one specific instance but also be assigned access to the entire app type.