Beyond Identity provides role-based access control (RBAC) functionality in the Admin Console. RBAC allows a tenant administrator to grant access to certain Admin Console features to different users based on predefined roles.
When configured, users will have access privileges to perform tasks associated with the group. For example, users can be added to a group that provides them the ability to perform all administrative tasks or to a group that only provides them with the ability to view information (for example, to view policy configuration). Access to these capabilities is given by placing a user in the group.
Note: This feature is not enabled or viewable by default. Contact your sales/support representative to turn it on.
To configure role-based access control:
1. Log into the Admin Control and click the icon located in the upper-right corner of the page.
2 . Select Account Settings.
3. From the Account Settings page, click Control Access Console. The 9 predefined groups are displayed.
The following table provides information about each group. A user can be in multiple groups.
Group |
Description |
Super Administrators |
Can perform all administrative actions for a tenant. Only users in this group can add users to other predefined RBAC groups. |
Directory Administrators |
Can modify User, Group, and Device configuration settings. |
Directory Read Only |
Can read User, Group, and Device configuration settings but not modify them. |
Integrations Administrators |
Can modify SAML, OIDC, Okta, and MDM configurations settings |
Integrations Read Only |
Can read SAML, OIDC, Okta, and MDM configuration, but not modify. |
Policy Administrators |
Can modify Policy configuration settings. |
Policy Read Only |
Can read Policy configuration settings but not modify them. |
Help Desk |
Can view Users, Groups, Devices, policies, and event logs but not modify them. Users can also suspend/unsuspend users and send enrollment emails. |
Analytics |
Can view the insights dashboard and event logs. |
4. Click on the appropriate group, in this example, Directory Administrators. The page provides additional information on the access privileges for the group.
5. Click + Add users to group, and from the Add users to group drop-down menu, select each user you want to add.
6. Click Add users to Group. The dialog closes, and the Directory Administrators page is updated to reflect the number of users in the group.
User information includes:
-
User name
-
Email address
-
Status of the user in the group (active or suspended state)
Tips:
-
The fields can be sorted in ascending or descending order by clicking on one of the headings.
-
You can search for a user or filter the list of users by typing in the search field.
Comments
0 comments
Please sign in to leave a comment.