Configuring user roles and managing access permissions in Identity Security Posture Management (ISPM) requires mapping Okta groups to ISPM permission levels. ISPM does not assign roles directly to individual users. Instead, administrators manage access by mapping ISPM permission levels to specific group names imported from Okta.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Identity Security Posture Management (ISPM)
- Role-Based Access Control (RBAC)
What are the available permission levels in ISPM?
The following list details the available permission levels and the associated capabilities in ISPM.
- Super admin: Grants full access to all applications, settings, and connected sources.
- Issue responder: Allows users to view and dismiss security issues. This role requires specifying which sources the group is allowed to manage.
- Issue viewer: Allows users to monitor security issues without making changes.
- Source administrator: Allows users to connect and manage data sources.
What steps are required to configure and assign the Super Admin role?
This feature requires the user to be a Super Admin. Set up and assign the Super Admin role by creating a group in Okta, assigning the application, and mapping the permission in the ISPM console.
- Create a group in the Okta Admin Console and add the relevant users to the group.
NOTE: If creating a group for Super Admins, the group name must include ISPM (for example, app-ispm-super-admins).
- Go to Applications > Applications in the Okta Admin Console, search for Okta ISPM - SSO OIDC, and assign the application to the group.
- Navigate to Settings > Role assignment in the ISPM console.
- Select Super Admin from the Roles dropdown menu.
- Follow the prompts to enable role assignments.
Enabling this feature makes access to the ISPM console strictly permission-based. Any user who is not a member of any mapped group loses access to the ISPM console. For other roles, refer to the ISPM documentation.
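A pre-flight check for the lockout behaviour described above, as an added example that is not Okta's code: it takes a planned group-to-permission mapping and reports who would lose console access and which mappings break the rules stated on this page. The function, its input shapes, and every user, source and group name other than app-ispm-super-admins are constructed for illustration; how group membership is exported from Okta is left out.

```python
# Added example: pre-flight review of a planned Okta-group -> ISPM permission mapping.
# All users and group names below are constructed sample data.
PERMISSION_LEVELS = {"Super admin", "Issue responder", "Issue viewer", "Source administrator"}

def preflight(group_members, planned_mapping, console_users, responder_sources):
    """group_members: {group: set of users}; planned_mapping: {group: level};
    console_users: users who rely on ISPM console access today;
    responder_sources: {group: [sources]} for Issue responder groups."""
    findings = {"unknown_level": [], "missing_group": [], "bad_super_admin_name": [],
                "responder_without_sources": []}
    covered, super_admins = set(), set()
    for group, level in sorted(planned_mapping.items()):
        if level not in PERMISSION_LEVELS:
            findings["unknown_level"].append(group)
            continue
        if group not in group_members:  # mapped name that no Okta group matches
            findings["missing_group"].append(group)
            continue
        members = group_members[group]
        covered |= members
        if level == "Super admin":
            super_admins |= members
            # Assumption: "must include ISPM" is checked case-insensitively here,
            # because the page's own example name is lowercase.
            if "ispm" not in group.lower():
                findings["bad_super_admin_name"].append(group)
        if level == "Issue responder" and not responder_sources.get(group):
            findings["responder_without_sources"].append(group)
    findings["empty_super_admin"] = not super_admins
    # Users outside every mapped group lose console access once the feature is on.
    findings["loses_access"] = sorted(set(console_users) - covered)
    return findings

def sample_run():
    members = {
        "app-ispm-super-admins": {"alice@example.com"},
        "secops-responders": {"bob@example.com", "carol@example.com"},
        "security-admins": {"dave@example.com"},
    }
    mapping = {
        "app-ispm-super-admins": "Super admin",
        "secops-responders": "Issue responder",  # no sources specified below
        "security-admins": "Super admin",        # name does not include ISPM
        "audit-viewers": "Issue viewer",         # group absent from the Okta data
    }
    users = ["alice@example.com", "bob@example.com", "dave@example.com", "erin@example.com"]
    return preflight(members, mapping, users, responder_sources={})
```

Run the check against the real membership data before following the prompts in Settings > Role assignment, and resolve every non-empty finding first.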