Hello, I want to grant Group Membership admin rights to a team of 5 people who need to manage several hundreds of groups but not all groups in the organization. The standard "Group Membership Admin" role has some limitations that I couldn't overcome, so I need to create a custom role with similar capabilities.

​

However, I discovered that "view users and their details" only allows access to logged in admin's profile, and I need to grant access to all user profiles in the tenant.

​

Is this a bug/known issue with this permission or am I missing something?

​

If there a workaround that I could use to grant the following permissions to my custom role:

• View ALL users in the tenant
• Add/remove users from the managed groups (subset of groups in the tenant)
• If admins need to manage other subset of groups, they can receive a similar role targeting different resource sets.
• Okta API can be used to create/update resource subsets with hundreds of groups for easier maintenance.

Thanks in advance for your help.