wjw8p (wjw8p) asked a question.
Isolating org admins from adding users to sensitive groups
We have a traditional setup where IT owns the Okta org and all admin functions. We'd like to integrate our Okta directory with some cloud infrastructure services and grant access to users via specific groups that a different team manages - however, we also want to prevent the chance of a compromise of our IT team being used to move sideways into these other cloud infrastructure services. In other words, prevent IT from unilaterally adding users to our groups controlling access in these 3rd party systems.
Is the only solution to have a completely separate Okta organisation that we manage ourselves, or is there another way to do this within the one Okta organisation?
Hello Oliver,
Thank you for contacting Okta. Cristian here with the Support Team.
Unfortunatelly you cannot limit Super admin access to certain appliations ( Active Directory in this scenarios). As you mentioned the best approach would be to create separate organisations.
If you need further assistance with the integration please open a ticket with our Support Team and we will be happy to assist you.
Have a great day!