New Beta Feature: Help Desk Administrator Role Skip to main content
https://support.okta.com/help/blogdetail?id=a672a000000xcfcqa0&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fblogdetail
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.

New Beta Feature: Help Desk Administrator Role

Apr 19, 2017 | by Aaron Yee in Lifecycle Management

Introduction

Okta released a new administrator role called Help Desk Administrator that can perform common help desk actions such as:

  • Reset Password (Okta or AD password)
  • Reset Multifactor Authentication
  • Unlock Account
  • Clear User Session

This role has a reduced set of permissions and promotes good security practices by not granting unnecessary permissions to help desk personnel.

What's new?
 
This new beta allows you to:
  • Grant help desk administrator roles to your help desk personnel without giving excessive permissions
  • Replace the use of the "User Administrator" role with Help Desk Administrator role
  • Choose to scope the Help Desk Administrator role by group


Who is this beta for?

Okta customers who need to solve delegated administration use-cases can do so with the new role. These use-cases include but are not limited to the following:

  • Single Help Desk that does not need excessive permissions to perform role
  • Tier 1 IT that handles high volume account transactions (password resets)
  • Branches, Brands, or Franchises that have separate IT teams
  • Partners that need to perform actions on just their own users
  • Outsourced Service Vendors that need to perform actions on just their own users


Limitations

There are several known limitations to this beta:

  • A user can be assigned the Help Desk Administrator role in addition to other roles, thereby granting more permissions than those in just the Help Desk Administrator role; be judicious when assigning roles.
  • Reset Password does not work on LDAP passwords.


I'm in! How do I get started?

To enroll in this program, please sign-up at the Beta enrollment page

Comments

  • Jim Spohnholtz on April 20, 2017

    I sure hope we can allow this Role to add IP Addresses to the Gateway setting. We have 170+ locations with different broadband providers across the country and we have several IP address changes weekly or more, We also have backup cellular devices that can receive changing IP addresses.
    This sounds like a very nice feature and I glad to see Okta moving in the right direction. Thanks!