Our architecture is like this
IDP OKTA, SP User application connected with eDir 1 and SSPR connected with eDir 2 and protected via NAM as a proxy
All the employees are landing to the user application after getting authenticated via OKTA. UA is integrated as a SP vial SAML assertion. I want to give the Admin feature of SSPR to some employees whose password is not there in eDir2. The Admin page will configured as a tile in UA. Let me know if this will work. If not what needs to be done so that I can expose the admin feature of SSPR to some designated employees.