MissB.53196 (Customer) asked a question.
How to configure API Token with limited readonly user profiles admin role based on group memberhip?
I am very new to Okta Admin portal and there for asking the best practice tips for use case:
Original task: populate apex database with user profiles based on group membership
What I though I'd need to do: Create API Token with -> creating app service account limiting readonly admin rights to group "App Users" resource set.
How ever it looks like the standard ReadOnly Admin role cannot be set with "resource set" feature and the custome admin role options do not seem to contain the read only option so the question is - how to do this? The database does not need to get all users - only those in specific group so the API Token should not be able to read all users profiles....
Hello @MissB.53196 (Customer) Thank you for posting on our Community page!
In this case we would recommend to use a Group admin, and give that group admin the necessary groups that he can manage.
Please also see more info on the admin roles below:
https://help.okta.com/en-us/content/topics/security/administrators-admin-comparison.htm
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.