This article walks through how to grant a user or service app permission to manage only specific Custom Authorization Servers.
- API Access Management
- Custom Admin Roles
- Okta Classic Engine
- Okta Identity Engine (OIE)
The standard "API Access Management" admin role allows a user/service app to manage ALL custom Authorization Servers in the org. However, if the goal is to allow this user/service app to manage only specific Authorization Servers, a custom admin role and accompanying resource set can be created.
- Create a custom administrator role with the Manage authorization server permission.
- Create a Resource Set for each Authorization Server (or sets of authorization servers that can be managed by the same admins), making sure to choose Select authorization servers, and then only specifying the applicable authorization server(s).
In this example, there are two authorization servers: Auth Server A and Auth Server B.
- Assign the user who needs to manage Auth Server A the custom Auth Server Admin role, but restricted to the Auth Server A resource set.
The same process can be followed for a user who needs to manage only Auth Server B, assigning the Auth Server Admin role for the Auth Server B resource set.
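The three Admin Console steps above can also be expressed as Okta IAM API requests. The following is an added example, not part of the original article: it only builds the request bodies (nothing is sent) and includes a check that flags a resource set covering every authorization server. It assumes the `okta.authzServers.manage` permission and the `/api/v1/iam/...` endpoints of Okta's custom role API; the org URL and all IDs are constructed placeholders.

```python
# Added example: builds (does not send) Okta IAM API requests mirroring the
# three console steps. Org URL and every ID below are constructed placeholders.
ORG = "https://example.okta.com"
AUTHZ_BASE = f"{ORG}/api/v1/authorizationServers"


def role_request(label="Auth Server Admin"):
    """Step 1: custom role carrying only the manage-authorization-server permission."""
    return ("POST", "/api/v1/iam/roles", {
        "label": label,
        "description": "Manage selected custom authorization servers",
        "permissions": ["okta.authzServers.manage"],
    })


def resource_set_request(label, authz_server_ids):
    """Step 2: resource set that lists specific authorization servers only."""
    if not authz_server_ids:
        raise ValueError("list at least one authorization server ID")
    return ("POST", "/api/v1/iam/resource-sets", {
        "label": label,
        "description": f"Scope for {label}",
        "resources": [f"{AUTHZ_BASE}/{sid}" for sid in authz_server_ids],
    })


def binding_request(resource_set_id, role_id, user_ids):
    """Step 3: bind the role to users, restricted to one resource set."""
    return ("POST", f"/api/v1/iam/resource-sets/{resource_set_id}/bindings", {
        "role": role_id,
        "members": [f"{ORG}/api/v1/users/{uid}" for uid in user_ids],
    })


def overbroad_resources(resources):
    """Return entries that cover ALL authorization servers (collection URL, no ID)."""
    return [r for r in resources if r.rstrip("/") == AUTHZ_BASE]


if __name__ == "__main__":
    import json
    plan = [
        role_request(),
        resource_set_request("Auth Server A", ["ausAAAAexampleA"]),
        binding_request("iamRSETexampleA", "cr0ROLEexample", ["00uUSERexampleA"]),
    ]
    for method, path, body in plan:
        print(method, path, json.dumps(body, indent=2))
```

Running `overbroad_resources` over the `resources` of an existing resource set shows whether it was scoped to all authorization servers instead of selected ones.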
