<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Enable "Disconnect user from Active Directory" Admin Permission
Sep 12, 2025
Administration
Okta Classic Engine
Okta Identity Engine
Overview

This article presents the specific custom admin role/permission that would allow an admin to see the "Disconnect from Active Directory" option in the More Actions drop-down on a user record.

Applies To
  • Okta Custom admin role 
  • Custom Resource
Solution

To create a custom administrator role with the necessary permissions, configure the role and its corresponding resource set as follows.

  1. Assign the following permissions to the custom administrator role:

    1. Edit the user's lifecycle states.

    2. View users and their details.

    3. Edit the user's application assignments.

    4. Edit the application's user assignments.

Edit user's lifecycle states

View users and their details  

Edit user's application assignments

  1. Assign the following to the resource set:
    • Applications: All Active Directory applications
    • Users: All users

edit resource set

Recommended content

Still looking for help?
Loading
How to Enable "Disconnect user from Active Directory" Admin Permission