Your suggested change has been received. Thank you.


Suggest A Change….


Operators and roles





Virtual servers are managed by operators, of which there are two types:

  • Internal Operators—User accounts in the virtual server that have been promoted to operator status.

  • External Operators—Operator accounts created for the service provider, allowing service provider management access to the virtual server.

Both types of operators are managed from the Operators tab.


Internal operators

Any user who has been added to a virtual server and who has been assigned a token or password can be promoted to internal operator, allowing them to log in and perform management functions. These operators appear on the STA Token Management console in the Internal Operator list. Operators cannot modify their own role, scope, or access restrictions.


Each row in the list displays:

  • User ID—This is the User ID of the Operator. Click the link to reveal additional user details.

  • Role Name—This is the role that is assigned to the operator. Roles determine what an operator is able to do through the management UI.

  • State—There are three possible states:

    • Pending Validation—The user has not yet validated their email address.

    • Active—The operator is able to log on to the management UI. Click the State link to suspend the operator account.

    • Suspended—The operator account has been suspended.  Click the State link to reactivate the operator account.

  • Edit—Click this link to edit the operator’s role, scope, and access restrictions.

  • Remove—Click this link to remove this user as an operator.

Add an internal operator

  1. On the STA Token Management console, select the Operators tab, and then select Internal Operator.

  2. Click New.

    The users who are eligible for promotion to operator status are listed. Only users with active tokens appear in the search results.

  3. To refine the list, use the Last Name or UserID criteria and click Search.


  4. Select the check box for each user that you want to promote to operator.

    You can select multiple users for promotion, bearing in mind that the same role, scope, and access restrictions apply to all selected users.

  5. Click Next to assign a role.

    Roles determine the task an operator can perform.


  6. Select a role and click Next to define the scope for the operators.

    Containers define an operator’s scope, which is what they can manage. If a container is not in an operator’s scope, then all of the objects in the container are also not in scope and consequently cannot be viewed or managed by the operator.


  7. Select one or more containers from the list, and then click Next to set access restrictions.

    Access restrictions are used to limit when an operator is allowed to log in to the STA consoles.


  8. To enable restrictions, select the Enable Restrictions option, and then select the restrictions to apply:

    • Start Date—Operator cannot log in to the STA consoles prior to this date.

    • End Date—Operator cannot log into the STA consoles after this date.

    • Start Time—Operator cannot log into the STA consoles prior to this time of day.

    • Stop Time—Operator cannot log into the STA consoles after this time of day.

    • On the following days—Operator login is restricted to the selected days of the week.

  9. Click Finish.

Example - Operator email validation and login screen

Operators log in to the STA consoles using the email address that associated with their UserID. Before an operator can log in, they must confirm that they own the email account to which the validation message is sent.

The following example shows the customizable validation email that is sent to operators:


If the email address that associated with the operator's UserID changes, the validation message is resent.

The following example shows the operator login screen for the STA consoles: