How Custom Opal Roles Support Enterprise-Scale IGA

Introducing Custom Opal Roles: Enterprise-Grade Control for Growing Businesses

We’re pleased to announce that Custom Opal Roles are now generally available. Built in close collaboration with our enterprise design partners, this new feature transforms how organizations manage administrative permissions by enabling the creation of tailored roles with precisely defined scopes and capabilities within the Opal platform.

With Custom Roles, Opal delivers the fine-grained control that enterprise CISOs demand:

Precise Delegation Without Compromise

Create custom admin roles tailored to your organizational structure. Whether you need to delegate to subsidiary organizations, technical system owners, or cloud admins, each role can be configured with exactly the permissions required—nothing more, nothing less.

Granular Visibility Controls

Control what each admin can see and access within Opal. Toggle visibility for specific pages including:

• Dashboard and Homepage

• Requests and Access Reviews

• Events and Audit Logs

• User and Resource Management

• Templates and Insights

Resource-Level Scoping

Define administrative boundaries by resource groups, applications, and bundles. Admins can be limited to managing specific sets of resources (up to 100), ensuring teams only have access to the systems they're responsible for.

Workflow-Specific Permissions

Customize capabilities for each role:

• Control who can override approval requests

• Define access review management permissions

• Scope MFA reset capabilities

• Manage template creation and editing rights

Immediate Permission Reflection

When roles are modified or team members' access changes, permissions update immediately across the Opal platform—ensuring your security posture always reflects your current organizational structure.

Built for Real-World Enterprise Complexity

As organizations scale, managing identity and access becomes exponentially more complex. Enterprise security leaders face a critical challenge: how to delegate administrative responsibilities across multiple teams and business units without compromising security or governance. Traditional access management solutions force companies into an impossible choice—either grant excessive permissions that create security risks, or maintain centralized control that becomes a bottleneck for growing organizations.

This challenge intensifies during mergers and acquisitions, when disparate systems and teams must be unified under a single security framework while maintaining operational independence. For companies spinning up temporary skunkworks and R&D projects, the added overhead of “start and stop” for temporary “ninja teams” is disruptive and time consuming.

Custom Opal Roles address the unique needs of large organizations:

• Multi-Team Support: Enable different teams to manage their own resources independently

• M&A Ready: Quickly integrate acquired companies by creating dedicated admin roles

• Compliance-Friendly: Maintain clear audit trails and separation of duties

• API Integration: Map tokens to roles for automated workflows with proper boundaries

Early adopters from our enterprise design partner program have already seen significant benefits:

• Reduced time to delegate administrative tasks

• Improved security posture through least-privilege administration

• Faster onboarding of new business units

• Streamlined compliance reporting

The Future of Enterprise Identity Security

Custom Roles represent our commitment to solving the complex challenges faced by growing organizations—providing the scalability, flexibility, and control that modern enterprises demand.

As your organization grows, merges, or evolves, Opal grows with you. Custom Opal Roles ensure that your identity security infrastructure can adapt to any organizational structure while maintaining the highest standards of security and governance.

Get Started

Custom Roles are now generally available for all Opal enterprise customers. To learn more about how this feature can transform your identity security operations:

• Read the full documentation

• Read our blog covering IAM security for growing orgs and M&A

Take control of your enterprise-scale access management with Opal's Custom Roles—enabling precise delegation without compromise.