
BrettA.35061 (Customer) asked a question.
I've created a service account in Okta and granted it the "Application Administrator" role for two existing Applications.
The purpose of the service account is to perform automated administration of the Applications.
I now want to create an API Token. However, when I log in as the service account user, the Security menu is missing from the dashboard. If I try to visit the URL directly (https://{mydomain}-admin.okta.com/admin/access/api/tokens), I get a 403 error.
As an experiment, I granted the service account broader admin rights, such as "Read-only Administrator". In this case, the service account was able to see the Security -> API -> Tokens menu and do Create Token.
However, this is not viable - I want to limit the rights of the service account to just administer the two specific applications. I cannot grant it broader rights than that.
What is the solution here?
(I'm doing this in a development account, proving the concept before applying it to the enterprise production account).

Hello @BrettA.35061 (Customer), thank you for reaching out to our Community!
This is expected depending on the level of admin and the type of admin. Please review our documentation on Administrators here:
https://help.okta.com/en/prod/Content/Topics/Security/administrators-admin-comparison.htm
https://help.okta.com/en/prod/Content/Topics/Security/Administrators.htm
Hope this helps!

Thanks. However, I need a solution to the problem.
How can the Application Administrator use the Apps API (https://developer.okta.com/docs/reference/api/apps/)?
They cannot create an API token for themselves. And there is no facility for another admin to create a token for them.
Thanks,
Brett