Okta Launches Custom Administrator Roles for Identity Safety Through Okta Artificial Intelligence
Okta, a leading identity and mobility management company, has announced an expansion of custom admin roles within its Identity Threat Protection (ITP) offering. This enhancement aims to provide more granular control over access management, aligning with the principle of least privilege.
With the extended custom admin roles, Okta has introduced new permissions that offer precise control over ITP features and settings. These permissions enable delegated administration without granting full super admin privileges. Additionally, two new resource types have been added: "User Risk" and "SSF Receiver Streams," which are directly related to Identity Threat Protection aspects within Okta Workforce Identity.
These roles can be assigned to both users and groups, following Okta’s established admin role management model. This expansion supports better security posture by minimizing access and matching admin responsibilities to job functions in Identity Threat Protection scenarios.
The custom admin role for an Identity Threat Protection administrator now provides limited access. Users can see (but not modify) the user's apps and groups and view user risk (but not access the user profile or devices). The role also grants permissions for deactivating users, suspending users, clearing users' sessions, and managing users' risk. Furthermore, it allows for managing policies and viewing a group and its details.
Moreover, the role has permissions for managing Shared Signals Framework (SSF) receiver streams. It also enables the viewing and running of delegated flows, providing a more comprehensive set of permissions for managing ITP.
Previously, Okta introduced Custom Admin Roles, allowing the creation of custom roles with Role Permissions and Resource Sets. Resource Sets allow admin roles to be scoped to specific sets of data, ensuring that administrators only have access to the resources they need.
This expansion of custom admin roles in ITP with Okta AI reinforces Okta’s commitment to secure, principle-of-least-privilege access management in Identity Threat Protection with AI-powered detection and response. The update was announced in July 2025.
For a comparison of role permissions for different admin roles, consult the product documentation. This enhancement allows organizations to enforce security policies with precision and distribute administrative duties securely within their teams managing Identity Threat Protection.
- Okta's Identity Threat Protection (ITP) offering now includes extended custom admin roles, providing more control over access management.
- The new custom admin roles offer precise control over ITP features and settings, allowing for delegated administration without granting full super admin privileges.
- In Okta Workforce Identity, two new resource types have been added: "User Risk" and "SSF Receiver Streams," which are directly related to Identity Threat Protection aspects.
- The custom admin role for an Identity Threat Protection administrator now offers limited access, with permissions for managing users' risk, deactivating and suspending users, and viewing user risk, among other tasks related to access management and security.
