<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UgiSAFOkta Classic EngineAdministrationAnswered2024-03-25T17:40:15.000Z2018-07-10T14:19:04.000Z2018-08-12T04:15:03.000Z

gsa5x (gsa5x) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Okta Agent Super Admin vs. App Admin
I'm wonering if someone can weigh in on the best practice around assigning admin privileges to the Okta agent account which is used to authenticate back to the Okta instance.. I understand  the surface differnce between a super admin and an application admin but not the level required by the Okta mastered agent to perform its functions.  Any help is much appreciated or direction to an answered post as I can't seem to find one.

 

George
  • 2 answers
  • 947 views

  • razvan.popa1.5051427435877913E12 (Okta, Inc.)

    Hi George,

     

    Happy to help on this one!

     

    The details of the permissions can be found here: https://help.okta.com/en/prod/Content/Topics/Directory/okta-active-directory-agent.htm?Highlight=ad%20agent

     

    To your question, the AD agent should not need more than an App Admin role to perform its processes. The above documentation also contains a link to administrative roles and the differences in permissions and capabilities.

     

    Hope this helps! Have a great day!

     

    Razvan Popa

    Technical Support Engineer

    Okta Global Customer Care

    Expand Post
    Selected as Best

  • gsa5x (gsa5x)

    Hi Razvan,

     

    Thank you so much for your reply - very helpful ... I noted something else in the documentation you provided, OKTA recommends that no administrators be AD mastered , what is the concern / risk associated with this recommendation?  Is maintainng an Okta local administrator as a backup sufficient ot allow all other admins (Super included) to be AD or IDP mastered? Or is there a wider risk that dictataes admins be OKta side only...
    Expand Post
This question is closed.
Loading
Okta Agent Super Admin vs. App Admin