Okta’s Custom Admin Roles: Flexibility + Security for Strategic Growth

As businesses grow, the number of teams and apps will inevitably grow with them. And that means tackling the administrative challenges that come with growing teams. To that end, Okta’s delegated administration experience with custom admin roles is now generally available (GA), with an updated UX and expanded functionality that all customers can benefit from. With these investments, Okta continues to be the strategic identity cloud platform, enabling a breadth of complex identity use cases for customers at global scale. 

Okta’s delegated administration feature set offers businesses and brands the ability to increase security and IT productivity by enabling the separation of duties within companies for strategic growth and scale. Organizations have the flexibility to audit and customize administration to their specific needs, while their teams and employees are granted just the right level of administrative access. Companies are able to collaborate with partners and connect with their customers, knowing that access and visibility around confidential data remains secure.

Refined admin management for improved employee, customer, and partner experiences

Custom admin roles provide a level of granularity for managing secure resources that can fit any organizational structure. The updated admin experience expands beyond Okta’s standard admin roles. It enables customizable administrative control, creating a uniquely flexible administration with security and autonomy.

With this new admin management experience, Admins are users who are assigned roles which are then constrained to specific resource sets:

• What can an Admin do? Roles are the permission sets that admins have, which can be standard Okta roles or custom roles.
• What do those permissions apply to? Resources are applications and groups that an admin’s role is constrained to.

Even organizations that have achieved the admin granularity they need with Okta’s standard roles can benefit from the new admin management experience. A new overview and audit log of admins ensure that no access changes go unnoticed by surfacing all admin privilege changes on the administrator’s landing page. Default admin email notifications are now defined and managed in context with admin roles. These are just a few of the great changes that all customers benefit from. For more details on additional features like admin assignment reporting and UI changes, check out our blog post, Four Benefits of Okta's New Custom Admin Roles. 

Full end-to-end user lifecycle management and authentication for evolving business models and global scale 

Customers’ business needs, priorities and aspirations continually inspire, motivate, and shape the way Okta innovates. When custom admin roles became available in Early Access, over 500 customers engaged with the user, group, and application permissions made available at that time. We’re excited to announce that more enhancements have been added to our delegated administration offering, starting with the permissions most requested by customers.

With GA, we are providing even more granularity within permissions. Admins will be able to modify specific lifecycle stages for Joiner-Mover-Leaver processes, delegate imports from Active Directory (AD), Lightweight Directory Access Protocol (LDAP) and HR systems, and take more granular user operations including resetting passwords and MFA.

For a complete list of features and use cases supported by custom admin roles, see our Custom administrator roles documentation.

Customer Spotlight: Ally Financial

At Okta, developing best-in-class identity platforms means delivering solutions that are easy to implement, maintain, and use. Custom admin roles allows Okta customers to focus on growing their businesses securely, seamlessly, and effectively, with Ally Financial as a premium example. 

As a leading digital financial services company, Ally Financial manages a complex workforce with diverse needs. To support call center representatives, the company needed to delegate help desk administration and limit access to a subset of the Service Desk team; they also had to enable Supply Chain teams to manage specific profile attributes for various lifecycle states of contractors and vendors in their supply chain. Custom admin roles enabled Ally Financial to uphold a Zero Trust security model with flexibility and security for both Workforce use cases.

“We're a highly regulated industry and the principle of least privilege is very important in ensuring we're reducing risk. Okta's custom admin roles gave us the ability to securely delegate help desk administration to improve productivity and remove bottlenecks. Moreover, our HR and vendor management teams are able to effectively manage their teams with the appropriate level of access to their data and nothing more. Okta's continuous innovation has been instrumental to us as our business continues to scale.”

- Alice Kondraciuk Schlienz, Cybersecurity Director for Workforce IAM & IAM Strategy, Ally Financial

Phew! Well, that’s a wrap for the GA launch of custom admin roles! We’ll continue innovating to deliver the most flexible, secure, and comprehensive solutions that customers have come to expect from a strategic partner. At Okta, our core values are key pillars of our identity as a business and as a platform. Bringing custom admin roles to life – the top-voted feature by Okta customers – embodies these values, “Love Our Customers” and “Never Stop Innovating”, more than ever.