Okta Introduces Custom Administrator Roles for Identity Risk Management, Backed by Okta's Artificial Intelligence
Okta Enhances Identity Threat Protection with Custom Admin Roles
Okta, a leading identity and access management provider, has introduced an enhancement to its Identity Threat Protection solution. This update aims to bolster security and risk management by offering more granular control over administrative responsibilities.
The new feature centres on custom admin roles that cover all aspects of Identity Threat Protection without extending to the Okta Super Admin role. Okta had previously introduced Custom Admin Roles, which allow the creation of roles with specific Role Permissions and Resource Sets.
Resource sets are collections of resources mapped to admin roles, granting administrative access. A role defines what a user can do (operations), and a resource set defines what that role can operate on (data). The admin role can be scoped by resources in a resource set, including specific applications, users (by group), workflows, policies, and groups.
In response to the growing need for more precise control, Okta has added two new resource types: "Identity Threat Protection Threats" and "Identity Threat Protection Policies." This extension of custom admin roles allows for more granular control over admin permissions, enabling administrators to define fine-tuned permissions to control who can view, respond to, or configure Identity Threat Protection features.
Role Permissions describe the operations that can be performed on objects, such as "Manage users," "Create users," and "Edit users' lifecycle states." When defining roles, permissions like "View or modify users," "Clear users' sessions," "View groups," "Manage applications," "Run delegated flow," "View delegated flow," and "Manage customizations" can be included.
The custom admin role for an Identity Threat Protection administrator includes permissions for deactivating and suspending users, clearing user sessions, managing user risk, viewing groups, viewing applications, viewing delegated flows, managing Shared Signals Framework Receiver streams, and managing policies.
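The role and resource-set model described above, with a least-privilege review against the Identity Threat Protection administrator permissions just listed, as an added example (not Okta's code or API schema). The permission labels paraphrase the page; the `Binding` structure, resource type names, admins and IDs are constructed for illustration.

```python
from dataclasses import dataclass

# Labels paraphrase the page's list for the ITP administrator role; they are
# display names for this model, not Okta API permission identifiers.
ITP_BASELINE = frozenset({
    "Deactivate users", "Suspend users", "Clear users' sessions",
    "Manage user risk", "View groups", "View applications",
    "View delegated flow", "Manage SSF Receiver streams", "Manage policies",
})

@dataclass(frozen=True)
class Binding:
    """One admin assignment: a role (operations) bound to a resource set (data)."""
    admin: str
    permissions: frozenset
    resources: frozenset  # (type, id) pairs; id "*" means every resource of that type

def is_allowed(b, permission, rtype, rid):
    """Permit only if the role grants the operation AND the resource set covers the target."""
    in_role = permission in b.permissions
    in_scope = (rtype, rid) in b.resources or (rtype, "*") in b.resources
    return in_role and in_scope

def audit(b, baseline=ITP_BASELINE):
    """Least-privilege review: report permissions beyond the baseline and unscoped resources."""
    findings = [f"{b.admin}: extra permission {p!r}" for p in sorted(b.permissions - baseline)]
    findings += [f"{b.admin}: unscoped access to all {t}" for t, i in sorted(b.resources) if i == "*"]
    return findings

# Constructed sample assignments (hypothetical admins, groups and IDs).
SCOPED = Binding("itp-analyst", ITP_BASELINE,
                 frozenset({("users-by-group", "contractors"), ("itp-policies", "default")}))
BROAD = Binding("helpdesk-lead", ITP_BASELINE | {"Manage applications"},
                frozenset({("users-by-group", "*"), ("applications", "crm")}))

if __name__ == "__main__":
    for binding in (SCOPED, BROAD):
        print(binding.admin, audit(binding) or "ok")
```

Treating any `*` scope as a finding is a review policy chosen for this example; adjust the baseline and scope rules to the roles your organization actually approves.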
Okta Identity Threat Protection with AI is a cutting-edge security solution that combines artificial intelligence with continuous, real-time identity threat detection and response capabilities. It targets identity-based attacks like compromised credentials and unauthorized access by proactively identifying suspicious activities and enabling automated protective actions. A key feature is its integration with Okta Workflows, allowing organizations to create automated, policy-driven responses such as deactivating or quarantining compromised accounts, enforcing multi-factor authentication (MFA) on risky actions, and alerting security teams to potential breaches.
David Edwards, a product specialist with the Okta Product Acceleration Team, commented on the update, stating, "This enhancement allows our customers to manage their Identity Threat Protection functions with more precision and security, ensuring that the right people have the right access at the right time."
The update operates under an administrative model in which users or groups are assigned to admin roles. The role gives the assigned admin limited access: they can see (but not modify) a user's apps and groups, and can view user risk (but not access the user profile or devices).
This article is part of the Okta Secure Identity Product Blog Series. For more information on how to extend custom admin roles for Identity Threat Protection, please refer to the Okta Help Centre or consult with an Okta representative.
- Okta, a leading access management provider, has enhanced its Identity Threat Protection solution with custom admin roles that grant more specific control over security and risk management of workforce identities.
- The new custom admin roles in Okta's Identity Threat Protection solution include permissions for managing Identity Threat Protection threats and policies, allowing administrators to define fine-tuned access rights for users.
- Okta's Identity Threat Protection solution, powered by AI, provides advanced security features such as integrating with Okta Workflows for automated response to identity-based attacks and threats, and offering integration with technology like Shared Signals Framework for better threat detection and response.