This article walks through how to assign a user admin permissions that will allow them to manage and create custom OpenID Connect applications.
- Standard Administrator Roles
- OpenID Connect/OAuth 2.0 applications
There are two ways that a user can be granted permissions to manage all custom OpenID Connect applications (and no other type of application) within an org using Standard Administrator Roles.
API Access Management Administrator
A user assigned this admin role has permission to manage all custom OpenID Connect applications in the org (including the ability to create new ones), as well as permissions to manage all Custom Authorization Servers. This role cannot be further constrained to limit which Authorization Servers or Applications this user can manage. Still, it is possible to create a custom admin role that can only manage specific Authorization Servers, as described in the Okta Support Center article How to Create a Custom Admin that Can Manage Specific Authorization Servers.
NOTE: This role will only exist if the org in question has the API Access Management feature enabled. If that feature is not available in the org, proceed to the second option using the Application Administrator role.
Application Administrator
A user assigned this admin role must be granted permission to manage a specific set of applications. To configure an Application Administrator so that they can manage all custom OpenID Connect applications in an org and have the ability to create new custom OpenID Connect applications, assign them the Application Administrator role.
Next to the field labelled Applications, click the Edit button to select the specific applications to which this admin should be assigned.
Search for and select the option All OpenID Connect Client apps and confirm the assignment.
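
To review existing assignments against the two options above, the following added example (not Okta's code and not part of the original article) classifies admin role assignments by how broadly they cover OpenID Connect applications. The record shape and sample users are constructed; the role type strings and the oidc_client target name follow Okta API naming and are assumptions here, as is treating an Application Administrator with no app targets as unscoped.

```python
# Constructed sample: one record per admin role assignment. The record shape is
# an assumption of this example; role types and "oidc_client" follow Okta API naming.
ASSIGNMENTS = [
    {"user": "alice@example.com", "type": "API_ACCESS_MANAGEMENT_ADMIN", "app_targets": []},
    {"user": "bob@example.com", "type": "APP_ADMIN", "app_targets": ["oidc_client"]},
    {"user": "carol@example.com", "type": "APP_ADMIN", "app_targets": []},
    {"user": "dave@example.com", "type": "APP_ADMIN", "app_targets": ["oidc_client", "salesforce"]},
    {"user": "erin@example.com", "type": "READ_ONLY_ADMIN", "app_targets": []},
]

OIDC_TARGET = "oidc_client"  # assumed target name for "All OpenID Connect Client apps"
FLAGGED = ("broad", "unscoped", "scoped: OIDC apps plus")


def classify(assignment):
    """Return a finding for the two roles the article covers, else None."""
    role = assignment["type"]
    targets = assignment.get("app_targets") or []
    if role == "API_ACCESS_MANAGEMENT_ADMIN":
        # Cannot be constrained, and also covers all Custom Authorization Servers.
        return "broad: all OIDC apps and all Custom Authorization Servers"
    if role != "APP_ADMIN":
        return None  # other admin roles are outside this review
    if not targets:
        # Assumption: no app targets means the role was never scoped.
        return "unscoped: no application targets set"
    if OIDC_TARGET not in targets:
        return "scoped: no OIDC target"
    extra = sorted(set(targets) - {OIDC_TARGET})
    if extra:
        return "scoped: OIDC apps plus " + ", ".join(extra)
    return "least privilege: OIDC apps only"


def review(assignments):
    """Map each user to the findings for their assignments."""
    report = {}
    for a in assignments:
        finding = classify(a)
        if finding is not None:
            report.setdefault(a["user"], []).append(finding)
    return report


def broader_than_oidc_only(assignments):
    """Users whose access exceeds an Application Administrator scoped to OIDC apps."""
    return sorted(user for user, findings in review(assignments).items()
                  if any(f.startswith(FLAGGED) for f in findings))
```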
