Skip to content
BlurFirst

How to Blur the Okta Admin Console During Screen Sharing (Hide Users, Apps & Tokens)

7 min read

IT and security admins: here's how to blur the People directory, group memberships, app assignments, API tokens, your org URL and MFA factors in the Okta admin console before you share your screen.

To share the Okta admin console safely, blur the user directory, app assignments and tokens directly in the page before you screen-share. The Okta admin dashboard is a map of your whole identity estate — the People / Directory list of user names, emails and usernames, group memberships, the app assignments that reveal every SaaS tool your company uses, API tokens, your org URL, and users' authentication and MFA factors. There's no presenter-safe view, so on a Zoom, Teams or Meet call your viewers see exactly what you see. Blurring the sensitive fields in-page lets an IT or security admin demo a config, walk an auditor through a setting or train a teammate without exposing your directory or your tech stack.

The blur is painted into the page as real pixels, so it survives Zoom, Google Meet, Teams, Loom, OBS and screenshots of the shared feed — and nothing you blur leaves your browser. That's important when what's on screen is effectively a blueprint for attacking your identity provider.

What's sensitive in the Okta admin console

  • People / Directory — the user list with full names, email addresses and usernames, status and last login, plus the individual profile behind each.
  • Groupsgroup names and memberships that reveal team structure, access tiers and who's an admin.
  • Applications — the list of connected apps, which exposes your entire SaaS stack, plus per-app assignments showing who has access to what.
  • API tokensAPI token values and names under Security → API, and OAuth client secrets for integrations.
  • Org URL & tenant — your org URL (yourcompany.okta.com) and org ID, useful to an attacker targeting your tenant.
  • Security & authenticationauthenticators and MFA factors, authentication policies, and factor-enrollment details per user.
  • Reports & system log — the system log and reports that list users, IP addresses and sign-in events.

How to blur the Okta admin console for a screen share

Here's the flow with BlurFirst:

  1. 1

    Share the Okta tab only

    Present just the browser tab with your admin console (yourcompany-admin.okta.com) — keep email, your terminal and other tabs out of the feed.

  2. 2

    Start BlurFirst

    Open the People, Applications or Security screen you'll present and press Ctrl/⌘ ⇧ Y to bring up the control bar.

  3. 3

    Box-blur the directory and app lists

    Drag a rectangle over the People list's name/email columns, or over the Applications grid, so the whole block stays frosted as you scroll.

  4. 4

    Element-blur tokens and the org URL

    Click a single API token value, an app-assignment name, or the org URL in the page header to frost just that element. Click again to reveal it when you need to.

  5. 5

    Scan before the directory is on screen (Pro)

    One local Scan finds and blurs emails, API keys/tokens and phone numbers on the page — worth running before you open the People list or the API tokens screen.

  6. 6

    Keep the panic shortcut ready

    If you land on the wrong screen, press Ctrl/⌘ ⇧ H to blur the whole page instantly.

Why Okta's own roles don't cover this

Admin roles and delegated administration in Okta control what the logged-in user can open. During a screen share, the logged-in user is *you* — usually a super admin with visibility into every user, app and token — so anything you can see is exactly what your audience sees. Those controls govern access, not what someone watching your screen can read. Blurring works at the presentation layer: it controls what the viewer sees, regardless of your own access.

When IT and security teams share this screen

  • Auditor and compliance walkthroughs — showing an access-review or MFA setting without exposing the full user list or your app inventory.
  • Vendor and integration calls — configuring an app or SCIM connection with a vendor on the line who shouldn't see your directory or tokens.
  • Onboarding and enablement — recording a how-to for new admins when the demo is your production tenant.
  • Incident and troubleshooting bridges — sharing the system log or a user's factors on a call where not everyone should see names and IPs.

One honest limitation

BlurFirst is a browser extension, so it covers the Okta admin console in the browser (your okta.com org), not the Okta Verify mobile app or any native window. It also only affects the browser tab, so share a single tab rather than your whole screen — and note the blur covers the page, not your browser's address bar, so navigate to your org before sharing. Scan detects patterns like emails and API tokens — not free-text names — so blur user and group names with element or box blur. A desktop app that covers native windows is in development.

Frequently asked questions

Can I demo Okta app config while hiding our user directory?

Yes. Box-blur the People list's name and email columns, or element-blur individual users, while the Applications and settings you're demoing stay readable.

Does BlurFirst hide API tokens automatically?

Scan detects API-key and token patterns along with emails and phone numbers, and blurs them locally. You can also element-blur a specific token value or the org URL directly.

Will the blur stay put as I move between admin screens?

Yes. Region and element blurs anchor to the content and re-apply when Okta re-renders, so a frosted directory column or token stays hidden as you navigate the single-page console.

Does the blur cover my org URL in the address bar?

No. BlurFirst blurs content inside the page, not the browser's address bar. Navigate to your org before you start sharing, and element-blur the org URL where it appears in the page header.

Is any directory or token data sent anywhere?

No. Everything runs locally in your browser; the only network request BlurFirst makes is a license check. A saved blur stores a CSS selector, never the content inside it.

Blur it before you share it.

Hide any field, region or message on a page before your next call. Nothing you blur leaves your browser.

Add to Chrome