MyounghunP.12250 (Customer) さんが質問をしました。
Hello,
I have a question regarding Okta administrator roles and SCIM provisioning.
Is it possible to provision or manage Okta admin roles (such as Super Admin, App Admin, Group Admin, etc.) via SCIM or lifecycle provisioning?
More specifically:
Can Okta admin roles be assigned through SCIM user attributes (for example, using a roles attribute)?
Or are Okta admin roles strictly managed internally within Okta and not exposed to SCIM provisioning?
If SCIM is not supported for admin role assignment, is there any supported API or recommended approach to automate admin role management?
I’m currently working with a SCIM 2.0 integration and want to understand whether admin-level permissions can be provisioned, or if this is intentionally restricted for security reasons.
Any clarification or official guidance would be greatly appreciated.
Hi @MyounghunP.12250 (Customer) , Thank you for reaching out to the Okta Community!
To answer your questions:
Can Okta admin roles be assigned through SCIM user attributes (for example, using a roles attribute)?
>No.
Or are Okta admin roles strictly managed internally within Okta and not exposed to SCIM provisioning?
>Yes.
You can leverage attributes in conjunction with the Okta Group Rules feature .
Example:
> Create dedicated group(s)
> Assign desired Admin permission to those groups
> Created group rule to add users to those groups based on attribute value.
That being said, please review the above documentation and keep in mind the feature restriction and best practices.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Just released: More Okta Community badges just added