How to Blur the Okta Admin Console During Screen Sharing (Hide Users, Apps & Tokens)
IT and security admins: here's how to blur the People directory, group memberships, app assignments, API tokens, your org URL and MFA factors in the Okta admin console before you share your screen.
To share the Okta admin console safely, blur the user directory, app assignments and tokens directly in the page before you screen-share. The Okta admin dashboard is a map of your whole identity estate — the People / Directory list of user names, emails and usernames, group memberships, the app assignments that reveal every SaaS tool your company uses, API tokens, your org URL, and users' authentication and MFA factors. There's no presenter-safe view, so on a Zoom, Teams or Meet call your viewers see exactly what you see. Blurring the sensitive fields in-page lets an IT or security admin demo a config, walk an auditor through a setting or train a teammate without exposing your directory or your tech stack.
The blur is painted into the page as real pixels, so it survives Zoom, Google Meet, Teams, Loom, OBS and screenshots of the shared feed — and nothing you blur leaves your browser. That's important when what's on screen is effectively a blueprint for attacking your identity provider.
What's sensitive in the Okta admin console
- People / Directory — the user list with full names, email addresses and usernames, status and last login, plus the individual profile behind each.
- Groups — group names and memberships that reveal team structure, access tiers and who's an admin.
- Applications — the list of connected apps, which exposes your entire SaaS stack, plus per-app assignments showing who has access to what.
- API tokens — API token values and names under Security → API, and OAuth client secrets for integrations.
- Org URL & tenant — your org URL (
yourcompany.okta.com) and org ID, useful to an attacker targeting your tenant. - Security & authentication — authenticators and MFA factors, authentication policies, and factor-enrollment details per user.
- Reports & system log — the system log and reports that list users, IP addresses and sign-in events.
How to blur the Okta admin console for a screen share
Here's the flow with BlurFirst:
- 1
Share the Okta tab only
Present just the browser tab with your admin console (
yourcompany-admin.okta.com) — keep email, your terminal and other tabs out of the feed. - 2
Start BlurFirst
Open the People, Applications or Security screen you'll present and press Ctrl/⌘ ⇧ Y to bring up the control bar.
- 3
Box-blur the directory and app lists
Drag a rectangle over the People list's name/email columns, or over the Applications grid, so the whole block stays frosted as you scroll.
- 4
Element-blur tokens and the org URL
Click a single API token value, an app-assignment name, or the org URL in the page header to frost just that element. Click again to reveal it when you need to.
- 5
Scan before the directory is on screen (Pro)
One local Scan finds and blurs emails, API keys/tokens and phone numbers on the page — worth running before you open the People list or the API tokens screen.
- 6
Keep the panic shortcut ready
If you land on the wrong screen, press Ctrl/⌘ ⇧ H to blur the whole page instantly.
Why Okta's own roles don't cover this
Admin roles and delegated administration in Okta control what the logged-in user can open. During a screen share, the logged-in user is *you* — usually a super admin with visibility into every user, app and token — so anything you can see is exactly what your audience sees. Those controls govern access, not what someone watching your screen can read. Blurring works at the presentation layer: it controls what the viewer sees, regardless of your own access.
When IT and security teams share this screen
- Auditor and compliance walkthroughs — showing an access-review or MFA setting without exposing the full user list or your app inventory.
- Vendor and integration calls — configuring an app or SCIM connection with a vendor on the line who shouldn't see your directory or tokens.
- Onboarding and enablement — recording a how-to for new admins when the demo is your production tenant.
- Incident and troubleshooting bridges — sharing the system log or a user's factors on a call where not everyone should see names and IPs.
One honest limitation
BlurFirst is a browser extension, so it covers the Okta admin console in the browser (your okta.com org), not the Okta Verify mobile app or any native window. It also only affects the browser tab, so share a single tab rather than your whole screen — and note the blur covers the page, not your browser's address bar, so navigate to your org before sharing. Scan detects patterns like emails and API tokens — not free-text names — so blur user and group names with element or box blur. A desktop app that covers native windows is in development.