Okta released a new administrator role called Help Desk Administrator that can perform common help desk actions such as:
- Reset Password (Okta or AD password)
- Reset Multifactor Authentication
- Unlock Account
- Clear User Session
This role has a reduced set of permissions and promotes good security practices by not granting unnecessary permissions to help desk personnel.What's new?
This new beta allows you to:
- Grant help desk administrator roles to your help desk personnel without giving excessive permissions
- Replace the use of the "User Administrator" role with Help Desk Administrator role
- Choose to scope the Help Desk Administrator role by group
Who is this beta for?
Okta customers who need to solve delegated administration use-cases can do so with the new role. These use-cases include but are not limited to the following:
- Single Help Desk that does not need excessive permissions to perform role
- Tier 1 IT that handles high volume account transactions (password resets)
- Branches, Brands, or Franchises that have separate IT teams
- Partners that need to perform actions on just their own users
- Outsourced Service Vendors that need to perform actions on just their own users
There are several known limitations to this beta:
- A user can be assigned the Help Desk Administrator role in addition to other roles, thereby granting more permissions than those in just the Help Desk Administrator role; be judicious when assigning roles.
- Reset Password does not work on LDAP passwords.
I'm in! How do I get started?
To enroll in this program, please sign-up at the Beta enrollment page