AD Agent admin role Skip to main content
https://support.okta.com/help/answers?id=9062a000000dfkaqag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
SR IDP API (DO NOT DELETE)SR IDP API (DO NOT DELETE) 

AD Agent admin role

What is the best administrator role for the AD Agent account? I've seen documentation that claims you should use "Application" but I was told by a support rep to use "Super" when we originally configured it. I would rather NOT use Super on any account unless I absolutley have to. I assume it would need "Organization" or "Group" to create users and groups from AD. What is the offical answer? Thanks.
Best Answer chosen by SR IDP API (DO NOT DELETE)
Andrei SuciuAndrei Suciu (Okta, Inc.)
Hi Jeff,

The minimum Admin rights required for the installation of the AD Agent it is indeed the Application Admin. But, you can choose to give him some higher Admin rights depending on the permissions you want to have when taking actions from your AD instance. The Super Admin role is quite used as it gives you full permissions, but sometimes not entirely necessary. You can read more here (https://support.okta.com/help/Documentation/Knowledge_Article/Administrators-793645444) regarding the permissions given according to the Admin role. 

All Answers

Andrei SuciuAndrei Suciu (Okta, Inc.)
Hi Jeff,

The minimum Admin rights required for the installation of the AD Agent it is indeed the Application Admin. But, you can choose to give him some higher Admin rights depending on the permissions you want to have when taking actions from your AD instance. The Super Admin role is quite used as it gives you full permissions, but sometimes not entirely necessary. You can read more here (https://support.okta.com/help/Documentation/Knowledge_Article/Administrators-793645444) regarding the permissions given according to the Admin role. 
This was selected as the best answer
Dylann FezeuDylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

​If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

​Dylann Fezeu
OHC Team