Minimum permission for a user needing to fetch user profiles


As there are seven roles on Okta system, I was curious to know which roles if given to a user (leaving aside SUPER_ADMIN) would make the user capable of fetching user profiles and it’s associated group, application and roles information?

The end objective of my query is to find out a minimum permissions user in Okta that can perform User provisioning operations.

Hi @Pranav, have you checked out:

I believe you are either looking for a read-only admin or group admin

Thank you @tom

Essentially, I am looking for a user role which can,

  • Alter user profiles.

  • Provision groups, add/remove users from groups, add/remove apps from groups.

  • Provision apps, add/remove users from apps.

  • Add/remove roles to user.

Upon going through the link you provided, I find out that ORG_ADMIN and APP_ADMIN are sufficient, however I am still not able to provision roles with both of them.

Any other workaround to it?

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.