How to assign custom admin role & okta default admin role both to a group

Loading

Skip to Navigation Skip to Main Content

Search

Search

Select Language

0D54z00007ycT5ACAUOkta Identity EngineAdministrationAnswered2025-10-11T09:00:47.000Z2022-08-22T13:16:12.000Z2022-08-23T04:41:40.000Z

servicea.28287 (Customer) asked a question.

August 22, 2022 at 1:16 PM

How to assign custom admin role & okta default admin role both to a group

Hello, we have a group, and that group has some group rules. We have created a custom role and resource for this is another group and given it some permissions. However, since viewing system logs is not a feature of permissions, I also want to add the report administrator role to the group. But if I try to do that, I get an error. I've included the screenshot of the error as proof.

Additionally, I want the users of that group who have been given a custom role to be able to view the groups and applications that have been assigned to users without the ability to alter them. To accomplish this, what permissions do I need to add to the custom role?

Top Rated Answers

b5n6c (b5n6c)
4 years ago
Hi Megha Rathod ,
Roles cannot be assigned to groups with group membership rules, since it gives admin privileges indirectly to 2 different groups .
If a custom administrator want to see groups and applications in which users of a specific group is part you have to give the following permissions while creating a custom role:
1.View users and their details
2.View groups and their details
3.View application and their details
Along with that in resource set you have mention the group name & application names.
For Reference :
https://help.okta.com/en-us/Content/Topics/Security/custom-admin-role/about-creating-custom-admin-roles.htm
https://help.okta.com/en-us/Content/Topics/Security/custom-admin-role/about-role-permissions.htm
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Expand Post
Selected as Best

All Answers

servicea.28287 (Customer)
4 years ago
Screenshots :
Expand Post
b5n6c (b5n6c)
4 years ago
Hi Megha Rathod ,
Roles cannot be assigned to groups with group membership rules, since it gives admin privileges indirectly to 2 different groups .
If a custom administrator want to see groups and applications in which users of a specific group is part you have to give the following permissions while creating a custom role:
1.View users and their details
2.View groups and their details
3.View application and their details
Along with that in resource set you have mention the group name & application names.
For Reference :
https://help.okta.com/en-us/Content/Topics/Security/custom-admin-role/about-creating-custom-admin-roles.htm
https://help.okta.com/en-us/Content/Topics/Security/custom-admin-role/about-role-permissions.htm
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Expand Post
Selected as Best
- servicea.28287 (Customer)
  4 years ago
  Thanks @b5n6c (b5n6c) , I'll try this.
  Expand Post

This question is closed.

Recommended content

Forum

Assign Custom admin role to okta app

Forum

Admin Role Privileges For Group Admin

Forum

Learn how Okta has improved System Logs for Role Assignment Changes

Forum

Assign custom scopes to users or groups

Loading

How to assign custom admin role & okta default admin role both to a group