By default, all Okta Administrators (Okta Admins) are provisioned to the Okta Support Center to access Okta Support Center content that requires authentication. For managing support cases, the Case Admin Permission and Elevated Support Contact are available for customers to assign and control who has access to view, create, and update cases on the Okta Support Center. Refer to New Case Admin Permission and Elevated Support Functionality on the Okta Support Center for more details.
Okta Admins can manage users, including creating, updating, and deactivating them, via the Okta Admin Console. This article will provide an overview of how to do so. Okta strongly encourages customers to continually review and manage who is designated as an Okta administrator, including a Super Administrator.
Important Note to Super Admins about Account Deactivation
Please note that most changes made to Okta Admins within the Okta Admin Console do sync with the Customer Support System and Okta Support Center. Please note that the Okta Admins that are deactivated by Super Admins are tagged as inactive in the Customer Support System and will lose access as a result. For example, if an admin user account is deactivated or a user has all admin roles revoked, the user account will not be able to access the Okta Support Center to submit and view support cases for that Okta org.
Okta Community Users
Okta also has a self registration process for individuals who wish to participate in the Okta Community. These users would be able to submit forum questions, post to the community, and submit Okta Ideas (feature requests). These users do not have access to submit and view cases or perform other capabilities as a standard customer contact with the Okta Support Center. Okta Admins are not able to deactivate users with the admin console who are self-registered Okta Community members (i.e., not tied to an Okta account, do not use Okta Customer credentials to log in to the Okta Community). However, admins can request to deactivate a self-registered Okta Community member by emailing community@okta.com.
- Okta Administrators
How to Create an Okta Administrator Account
Super Admins can create, modify, and manage all Admins in an org. To learn more about admin roles see here. Okta recommends customers minimize the number of admins and super admins and use custom admin roles to minimally scope the permissions required by admin users to accomplish their privileged tasks.
How to Deactivate a User Account
Okta Admin users can be deactivated and deleted. Details can be found here: Deactivate and delete user accounts. A deactivated Okta Admin no longer has access to the Okta Support Center. This includes access to view and create cases.
How to revoke Okta Administrator roles from a user
By revoking all of a user’s Okta Administrator roles, an active Okta user loses all their admin privileges and no longer has access to the Okta Support Center. Super Admins can perform this action from the Okta Admin Console > Security > Administrators > Admins tab.
How to prevent an Okta Administrator from being provisioned to the Okta Support Center
Customers can use the Third Party Administrators functionality to prevent some admins in their org from being provisioned to the Okta Support Center and Okta Support System. When this feature is used, an admin is able to perform actions as allowed by their Okta Administrator role in the org but will not get access to the Okta Support Center. This means these admins are not able to view, create, or manage cases, nor will they receive Okta communications such as release notes.
If an admin is initially set up as a Third-Party Admin, it prevents synching them to the Okta Support Center as a user. If an admin is initially set up as a non-third-party Admin and then later updated to a Third-Party Admin, their user will exist in the Okta Support System, but they will be prevented from performing any actions.
How to self-register for the Okta Community
This provides users the ability to engage in the Okta Customer Community, creating posts, replying and liking posts. This includes submitting a feature request via Okta Ideas.
To create a new community user:
- Navigate to support.okta.com.
- Click on the Log in button on the top right hand of the page.
- Follow the steps on the page.
How to request to deactivate a Community User Account
Send a request email to community@okta.com and provide the user name, email address, and company name, and indicate to deactivate the Okta Customer Community Account. Deactivated accounts lose access to the Okta Support Center. Furthermore, this action cannot be undone once requested.
For a full list of actions that can be taken to manage users, see the Manage users documentation.
