Administrators using the Secure Partner Access (SPA) Portal cannot perform a "Global Search" to locate users across all Realms simultaneously. Search functionality is strictly limited to the specific Realm currently selected by the administrator. Even if an admin has permissions for multiple Realms, they must navigate into a specific Realm to find or manage users belonging to that Resource Set.
- Okta Identity Governance (OIG)
- Secure Partner Access (SPA) Portal
- Multi-Realm Configurations
- Delegated Administration
- Okta Identity Engine (OIE)
The SPA Portal architecture is built on the principle of "Realm Isolation". Realms are intended to act as mutually exclusive directory boundaries within a single Okta organization to ensure data privacy and administrative segmentation. Consequently, the SPA interface is context-aware; it loads the specific user and group indices associated with the active Realm ID to prevent cross-tenant data exposure or "leaking" of user information between different partners or business units.
To manage users across different environments, utilize one of the following methods:
- Realm-Specific Navigation: If the administrator knows which partner or division the user belongs to, they must select that specific Realm from the SPA dashboard before utilizing the search bar.
- Standard Okta Admin Console: For administrators who require a "Global" view of the entire Universal Directory, the standard Okta Admin Console should be used instead of the SPA Portal. The standard console search is not bound by Realm boundaries and can query all users regardless of their Realm assignment.
- Resource Set Scoping: Ensure that the Delegated Admin's Resource Set includes the necessary groups or user attributes for the Realm they are searching. If a user is "Pending" and has no group assignments, the Resource Set must be configured to All Users within that Realm for the search to return results.
