GregH.00578 (Customer) asked a question.
Limiting report access
We want to give clients group admin access so they can manage their own users.
We do not want to allow client A to see client B's users/activity/etc
How do I allow either client to view reports without letting them see the entire syslog or the entire user list?
Report Administrator documentation says : . For example, assigning report admin permissions to a user who is also a group admin enables the user to view all reports and System Log events, but only drill down into report details for the groups they manage.
Not good enough. I don't want client A to know anything about client B's users.
We are particularly interested in allowing clients to review the last login date (via the Password Health Report) to audit their users and maintain as necessary.
Hi @GregH.00578 (Customer) ,
I've escalated your question to our Customer Support team. They will respond to you shortly here.
Thanks!
Tim
Okta, Inc.
Thank you for posting on the Okta Community forum, Ovidiu here with Support team!
Once you assign group admin roles to a user and assign the Reports Administrator role as well, that admin would then be able to view the logs and reports only for the users they manage (and groups).
This way the admin would only have access to the users that they are supposed to manage, and not have access to any other users in that organization, as well as the Reports and logs, so then client A would not have any information about client B's users.
If there are any issues that you are encountering, you can open a ticket with us in order to investigate in more detail.
But the documentation states they can view all system log events. And thats what my test show.
I don't want to display High Level system events. Client A group/report admin should not know Client B users exist.
I guess we will have to do it out of the SIEM.