SvcBancsAPITestT.08169 (Customer) asked a question.
We have created admins to manage specific groups for user creation. IE: Admin Group A can create users in User Group A, but not in User Group B.
These admins need to be able to see Syslog for troubleshooting.
In testing, they are able to see all Syslog activity. We need to restrict this so they only see activity related to their specific users and/or groups.
Is this even possible?
I believe what you are asking if in fact possible, but may require you to leverage the custom role capability in Okta.
Please refer to the below links.. if this is something you have done already, please let me know and we can re-evaluate.
Best practices for creating a custom role assignment
&&
Guidance for structuring Okta groups
It states that in cases where you need to manage group A only but see all users, you would need two distinct roles. In your case, you are asking for the reverse, so you may just need the one.
Thanks!
Hi @SvcBancsAPITestT.08169 (Customer) , Thank you for reaching out to the Okta Community!
Following up on what @DonF.81354 (Customer) said - currently the access to the logs is "all or nothing". If the admin role/permission level granted to the specific user grants access to reports, they will see all info. It will not be filtered.
You can suggest a feature enhancement for the logs or admin permissions on the Okta Community page by going to the Community→ Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented.
More details here:
https://support.okta.com/help/s/blog/a674z000001cj7YAAQ/okta-ideas-faq?language=en_US
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
yes, lots customer ask more granular OAuth2 API and API token scopre for permissions as you. I create feature request in the okta ideas, the link:
https://ideas.okta.com/app/#/case/164611
please vote and leave a comment if it same as your feature request.
@Mihai Negoita - Okta (Okta, Inc.) Thanks for the clarification on this, hopefully that is a feature that can get rolled out in the future.
@a0n5s (a0n5s) Will vote for sure. Thank you for getting that going.
Thanks,
Don
@DonF.81354 (Customer) thanks for your vote.
I receive the update from Okta ideas yesterday night. I ask contact Okta CSM and PSE push this feature request. Hope can consideration in their product roadmap.
There's been an update on your Okta Ideas request: More granular OAuth2 API and API token scopre for permissions
Your request status is now: Product review
Here's the update from Leila Dunning of Okta Ideas:
“Good news! Your idea has been passed on to our product team for review and consideration in our product roadmap. In the meantime, you can learn more about what we are currently working on by visiting our product roadmap: https://support.okta.com/help/s/productroadmap”
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
Hi @SvcBancsAPITestT.08169 (Customer) , Thank you for reaching out to the Okta Community!
Following up on what @DonF.81354 (Customer) said - currently the access to the logs is "all or nothing". If the admin role/permission level granted to the specific user grants access to reports, they will see all info. It will not be filtered.
You can suggest a feature enhancement for the logs or admin permissions on the Okta Community page by going to the Community→ Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented.
More details here:
https://support.okta.com/help/s/blog/a674z000001cj7YAAQ/okta-ideas-faq?language=en_US
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
The Okta Community November newsletter is here. Get product updates and see our top contributing members.