Delegate account management
Typically, a virtual service provider manages the accounts they create. However, they can delegate the management responsibility to their parent account.
For example, in the following illustration, the virtual service provider SP2 has created and can manage the subscriber account SUB1. SP2 has also delegated management of SUB1 to their parent account SP1. This permits SP1 to manage the SUB1 account on behalf of SP2.
Some useful applications of delegated management include the following:
- Supporting intermediate sales channels. For example, SP2 is purely a sales organization with no support capability, whereas SP1 is able to provide a full range of support functions.
- SP2 is a customer with several subsidiary organizations, LDAP domains, and so on (SUB1, SUB2, SUB(N)), but all user and account management is performed by SP1.
Delegate management when on-boarding an account
On the STA Token Management console, the On-Boarding tab includes an option for delegating account management. Selecting the delegated management option immediately delegates management to the virtual service provider’s parent, where the account appears on the parent’s Virtual Servers tab. You can add contact and telephone information to provide a point of contact for the parent (SP1) organization.
Typically, service providers (account managers) can view and manage only the accounts they create. However, if you select Use Delegate in the On-Boarding > Services module, STA adds your account to your service provider’s Virtual Servers tab, which enables your service provider to manage your account.
Your account is not added to your service provider’s On-Boarding tab when you select Use Delegate. Therefore your service provider cannot perform on-boarding functions for the account, such as configuring account details and services, or allocating tokens.
Delegate a service provider to manage your account
You can delegate any service provider to manage your account if, for example, you want to offload any of your account management tasks. The delegation process is as follows:
- The service provider (delegate) generates a delegation code.
- You install the delegation code on your account’s virtual server.
- The service provider activates the code and the account name displays on their Virtual Servers tab.
You configure the role, scope, and access restrictions for the service provider on your account’s Virtual Server tab, to limit the management functionality available to the service provider’s account managers. You can use account manager roles to set role, scope, and access permissions for a virtual server.
Generate a delegation code from the delegate account
Delegation codes let you allow any service provider to view and manage your account, whereas typically only direct parent service providers have the ability to manage your account.
From their account, the service provider (delegate) generates the delegation code to set up the trust that allows delegated account management.
- On the STA Token Management console, select On-Boarding > Delegation Code.
- Select New.
- Select the Account Group to which the virtual server will be added.
  The account is added to the selected account management group when the delegation code is activated.
- Select Add.
  A code and associated data are added to the list displayed in the Delegation Code module.
  The Delegation Code module includes the following information:
  - Code: The delegation code that you enter in the virtual server that will be managed.
  - Account to Manage: The name of the account. This field is populated after the code is installed in the account’s virtual server.
  - State: Indicates the state of the code: Unused, Pending, or Active.
  - Created Date: The date when the code was generated.
  - Established Date: The date when the delegation code was activated.
  - Account Group: The management group to which the account’s virtual server belongs.
- Provide the delegation code to the account.
Enter the delegation code for the managed account
- On the virtual server of the account to be managed, select Virtual Servers > Operators > External Operator.
- Select New.
- Enter the Delegation Code that you copied from the delegate.
- Select Verify, and then select Next.
- Assign a Role to the external operator that limits the functionality available to the delegated manager, and then select Next.
- To limit the delegated manager’s scope, select the Containers of users and tokens to manage, and then select Next.
- Set date, hour, and day access restrictions for the delegated manager.
- Select Finish.
STA updates the external operators list and the state of the delegation code to Pending Acceptance.
Activate the delegation code
- On the STA Token Management console, select On-Boarding > Delegation Code.
- In the State column, select Pending Acceptance and then select Apply to confirm the delegation.
  STA updates the state of the Delegation Code to Established.
- Select the virtual server from the Virtual Servers tab.
Remove a delegation code
To remove a delegation code at any time, select the Remove link for the corresponding code.