Gives your delegated admin the ability to view, create, edit, and delete branding customizations in your Okta organization. Gives your delegated admin the ability to only view the authorization servers in your Okta organization. Gives your delegated admin the ability to view, create, edit, and delete authorization servers in your Okta organization. Gives you delegated admin the ability to run flows from within the Admin Console. Your delegated admin will need the Edit users' profile attributes permission from the User permissions section to modify any existing users who are included in the import. Admins with this permission can create users through the import. Gives your delegated admin the ability to run imports for apps with a profile source, such as HRaaS and AD/LDAP apps. Your delegated admin also needs to have either the Edit groups' application assignments permission from the Group permissions section or Edit users' application assignments permission from the User permissions section to view and select which users or groups of users they can add to the application. Gives your delegated admin the ability to manage the users assigned to the application. Gives your delegated admin the ability to only view applications assigned to your Okta organization. Gives your delegated admin the ability to view, create, edit, and delete applications in your Okta organization.
Your delegated admin also needs to have the Edit application's user assignments permission from the Application permissions section to view and select the applications they can add to the group. Gives your delegated admin the ability to manage a group’s application assignment. Your delegated admin also needs have the Edit users' group membership permission from the User permissions section to view and select which users they can add to the group. Gives your delegated admin the ability to view, edit, and delete user membership within group Gives your delegated admin the ability to only view groups and the users and applications assigned to that group Gives your delegated admin the ability to create groups provided that their admin role assignment is constrained to the entire org. Gives your delegated admin the ability to view, create, edit, and delete groups in your Okta organization. However, the following permissions aren't applicable to AD-sourced and LDAP-sourced groups: You can use Okta-sourced, AD-sourced, and LDAP-sourced groups as resources. Your delegated admin also needs to have the Edit application's user assignments permission from the Application permissions section to view and select the applications they can add to the user. Gives your delegated admin the ability to manage a user's application assignment. Your delegated admin also needs to have the Manage group membership permission from the Group permissions section for the group they can add a user to. Select this permission to grant your delegated admin the ability to add user to a group. Gives your delegated admin the ability to manage a users' group membership.
Gives your delegated admin the ability to read users' profile and credential information.
SERVER QUERY PERMISSIONS RESET PASSWORD
Gives your delegated admin the ability to expire a user’s password and set a new temporary password. Gives your delegated admin the ability to reset users' passwords. Gives your delegated admin the ability to reset users' MFA authenticators. Gives your delegated admin the ability to manage users' credential operations, such as resetting passwords and multifactor authentication (MFA), including YubiKey enrollments. Gives your delegated admin the ability to clear all active Okta sessions and OAuth tokens for an end user. Gives your delegated admin the ability to unlock users who have been locked out of Okta. Gives your delegated admin the ability to permanently delete user accounts. Gives your delegated admin the ability to restore users' access to Okta. When a user is suspended, their user sessions are also cleared. Gives your delegated admin the ability to suspend users' access to Okta. Gives your delegated admin the ability to deactivate user accounts. Gives your delegated admin the ability to activate user accounts. Gives your delegated admin the ability to manage user lifecycle operations, such as activating, deactivating, reactivating, and suspending users. However, this permission doesn't allow the delegated admins to create or edit custom attributes from the Profiles page in the Directory, or to manage profile mappings.
Gives your delegated admin the ability to only edit the value of their users' profile attributes. Gives your delegated admin the ability to create users.
Gives your delegated admin the ability to view, create, edit, and delete all profile and credential information for users.
0 kommentar(er)
