Okta Agent Super Admin vs. App Admin Skip to main content
https://support.okta.com/help/answers?id=9060z00000078mxqai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
George CalapaiGeorge Calapai 

Okta Agent Super Admin vs. App Admin

I'm wonering if someone can weigh in on the best practice around assigning admin privileges to the Okta agent account which is used to authenticate back to the Okta instance.. I understand  the surface differnce between a super admin and an application admin but not the level required by the Okta mastered agent to perform its functions.  Any help is much appreciated or direction to an answered post as I can't seem to find one.

George
Best Answer chosen by George Calapai
Razvan PopaRazvan Popa (Okta, Inc.)
Hi George,

Happy to help on this one!

The details of the permissions can be found here: https://help.okta.com/en/prod/Content/Topics/Directory/okta-active-directory-agent.htm?Highlight=ad%20agent

To your question, the AD agent should not need more than an App Admin role to perform its processes. The above documentation also contains a link to administrative roles and the differences in permissions and capabilities.

Hope this helps! Have a great day!

Razvan Popa
Technical Support Engineer
Okta Global Customer Care
 

All Answers

Razvan PopaRazvan Popa (Okta, Inc.)
Hi George,

Happy to help on this one!

The details of the permissions can be found here: https://help.okta.com/en/prod/Content/Topics/Directory/okta-active-directory-agent.htm?Highlight=ad%20agent

To your question, the AD agent should not need more than an App Admin role to perform its processes. The above documentation also contains a link to administrative roles and the differences in permissions and capabilities.

Hope this helps! Have a great day!

Razvan Popa
Technical Support Engineer
Okta Global Customer Care
 
This was selected as the best answer
George CalapaiGeorge Calapai
Hi Razvan,

Thank you so much for your reply - very helpful ... I noted something else in the documentation you provided, OKTA recommends that no administrators be AD mastered , what is the concern / risk associated with this recommendation?  Is maintainng an Okta local administrator as a backup sufficient ot allow all other admins (Super included) to be AD or IDP mastered? Or is there a wider risk that dictataes admins be OKta side only...