<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00008zyV7qCAEOkta Identity EngineAdministrationAnswered2024-01-16T17:51:17.000Z2023-03-31T00:17:11.000Z2023-03-31T23:12:37.000Z

User1680214069610686166 (Customer) asked a question.

March 31, 2023 at 12:17 AM
Managing groups with administrative roles

I was reading documentation on group management in Okta (https://help.okta.com/oie/en-us/Content/Topics/Security/administrators-admin-comparison.htm?cshid=ext-administrators-admin-comparison) and I came across this here

 

  • Only super admins can manage groups with administrative roles. If a group admin is assigned access to a group that is later assigned an admin role, the group admin will no longer be able to make any changes over the group or group members.

 

Is there no way to create a hierarchy of admin groups within Okta? I'd like to create an admin group with password reset ability for an end user group. Additionally, I'd like either individual admins or groups of admins to be able to add users to the admin group without being full blown SuperAdmins.

 

Is this possible?

  • 2 answers
  • 543 views

  • User16594883467582706479 (Customer Support Online Experience)

    Hi, @User1680214069610686166 (Customer)​ 

     

    Thank you for posting on our Community page!

     

    You can create a Custom Admin role: https://help.okta.com/oie/en-us/Content/Topics/Security/custom-admin-role/about-creating-custom-admin-roles.htm

     

    Thank you for reaching out to our Community and have a great day!

     

    _____________________________________________________________________________

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    _____________________________________________________________________________

    Expand Post
    Selected as Best

  • IanD.81005 (Customer)

    Hi Laura,

     

    I've tried using a custom admin role to achieve this but with no success. I did a little testing and if I removed the admin privileges from the group that was administering end users, I could add users to that group with the custom admin. When I added back the admin privileges to that group, my custom admin could not add users to it.

     

    The hierarchy I am trying to implement looks something like the following:

     

    Add User Admin -> Reset Password Admin -> End Users

     

    This setup doesn't appear possible unless the Add User Admin is a Super Admin.

     

    Can you point me to a reference for setting up a hierarchy that achieves this goal?

     

    Thanks!

     

     

    Expand Post
This question is closed.
Loading
Managing groups with administrative roles