Administrator roles
Administrator roles grant users entitlements to manage organizations, users, access roles, applications, administrator roles, and scopes in the Delegated User Management v2 application.
Each administrator role is a collection of permissions. These permissions define the access rights for a user and give granularity to the administrative functions that the user is allowed to perform in Delegated User Management.
Only administrators in the root organization can manage (create, edit, or delete) administrator roles, or applications and their associated permissions.
Super administrators
Delegated User Management includes a pre-defined super administrator role. A user with this role has a system-wide view, managing the root organization and overseeing all partner organizations. They can see both authentication (system-level) and authorization (organizational-level) statuses across all organizations.
The first super administrator user is created on the OneWelcome Identity Platform console. You assign the super administrator role to additional users in Delegated User Management. However, only users in the root organization are eligible to be super administrators.
Assigning administrator roles
After you define the administrator roles, you can assign them through one of the following mechanisms:
- A super administrator can assign any administrator role to any other user. However, only users in the root organization can be super administrators.
- An administrator who is not a super administrator can assign one of their own administrator roles to other users within their scope of management, if the administrator has cascading rights for that role.
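The two assignment rules above can be read as an authorization check, which is useful when reviewing who could hand an administrator role to whom. The following Python is an added example, not Delegated User Management code or its API; the `User` model, the `root` and `super-admin` identifiers, the role names, and the sample users are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ROOT_ORG = "root"            # assumed identifier for the root organization
SUPER_ADMIN = "super-admin"  # assumed name for the pre-defined role

@dataclass
class User:
    name: str
    org: str
    # role name -> True if the user holds cascading rights for that role
    admin_roles: dict = field(default_factory=dict)
    # organizations inside this user's scope of management
    managed_orgs: set = field(default_factory=set)

def can_assign(actor: User, target: User, role: str) -> tuple:
    """Return (allowed, reason) for actor assigning role to target."""
    # Only users in the root organization may become super administrators.
    if role == SUPER_ADMIN and target.org != ROOT_ORG:
        return False, "super administrator requires a root-organization user"
    # A super administrator may assign any administrator role to any user.
    if SUPER_ADMIN in actor.admin_roles and actor.org == ROOT_ORG:
        return True, "actor is a super administrator"
    # Other administrators may only pass on a role they hold themselves...
    if role not in actor.admin_roles:
        return False, "actor does not hold this role"
    # ...and only when they hold cascading rights for it...
    if not actor.admin_roles[role]:
        return False, "actor lacks cascading rights for this role"
    # ...and only to users within their scope of management.
    if target.org not in actor.managed_orgs:
        return False, "target is outside the actor's scope"
    return True, "delegated via cascading rights"

# Constructed sample users (hypothetical, not taken from the product).
root_admin = User("alice", ROOT_ORG, {SUPER_ADMIN: True})
partner_admin = User("bob", "partner-a",
                     {"helpdesk": True, "auditor": False}, {"partner-a"})
partner_user = User("carol", "partner-a")
other_user = User("dave", "partner-b")

if __name__ == "__main__":
    for actor, target, role in [(root_admin, partner_user, SUPER_ADMIN),
                                (partner_admin, partner_user, "helpdesk"),
                                (partner_admin, partner_user, "auditor"),
                                (partner_admin, other_user, "helpdesk")]:
        print(actor.name, "->", target.name, role, can_assign(actor, target, role))
```

The denied cases are the ones to watch in an access review: a role held without cascading rights, a target outside the administrator's scope, and a super administrator assignment to a user outside the root organization.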
Add an administrator role
Administrators in the root organization with sufficient permissions can define administrator roles. An administrator role contains permissions corresponding to the needs of a specific population of users.
- Log in to the root organization.
- In the left pane, select Administration.
- On the Administrators page, select Add administrator role.
- Enter a name and description for the role.
  The name must be unique across all organizations in your tenant.
- Select the permissions to include in the role.
- Select Save.
Edit an administrator role
Administrators in the root organization with sufficient permissions can add or remove permissions for an administrator role.
The administrator role must retain at least one permission. The system does not allow you to remove all permissions from an administrator role.
- In the left pane, select Administrators > Administrator roles.
- Search for the administrator role.
- In the menu for the administrator role, select View details.
- Make the changes as needed - See Note 1.
- Select Save.
Delete an administrator role
Administrators in the root organization with sufficient permissions can remove an administrator role if, for example, it is no longer useful.
You can only delete administrator roles that are not assigned to any users. If the role is assigned, remove it from the users first, and then you can delete the role.
- In the left pane, select Administrators > Administrator roles.
- Search for the administrator role.
- Delete the administrator role.