Configuring users and roles

You can create user accounts for administrators with specific roles. For example, you might want some administrators to configure policies, others to manage organizations, and yet a different set of administrators to monitor reports and logs. By creating custom roles, you can delegate specific administrative functions within an organization to specific users.

A realm administrator has full access to all realm settings. The realm administrator can:

• create organizations, roles, and user accounts for organization-level administrators and for additional realm administrators.

• access the realm map, which displays the location of each organization and their connectivity status.

• configure realm settings, which include password policy settings, session expiration time, Support access, Rest API access, and two-factor authentication settings for realm administrators.

An organization administrator can be assigned a role that provides them with full access to organization settings, or a role that provides limited access to those settings. You give an account access to more than one organization, but the account can be assigned only one role in each organization.

You can elevate, or reduce, permissions for any account at any time. You can also reassign roles to users and change their authentication settings at any time. Just be aware that making any of those changes will log the user out of the system.

It might be helpful to plan out your roles before you begin creating administrator accounts. That way, you’ll have a good idea of which accounts you want to assign to which roles, and the roles will be ready for assignment when you start to create accounts.

For better security, enable two-factor authentication. See Configuring authentication methods.

4. Enter a single-word username. Usernames are case-sensitive and Unicode characters are allowed.

5. Enter the user’s real name, or a name that will help you identify this account.

6. Choose whether to enable this account as a realm or an organization administrator account.

7. Enter an initial password. The first time a user logs in with this account, they will be prompted to change their password.

9. Enter the administrator’s mobile phone number, including the country code. This is required for two-factor authentication and can be used for important notifications.

– enable realm permissions to elevate the account, or disable realm permissions to limit the account to the organization level.

– assign, edit, or remove permissions. When assigning permissions to an account, you’ll need to select the organization and role. When editing an assignment, you’ll just need to select the new role.

– set two-factor authentication to use the realm setting, always on regardless of realm setting, or never on regardless of realm setting.

– enable or disable the realm setting for session expiration time. Enabling this option is useful for monitor users who may be viewing reports for relatively long durations.

You can delete an account through the Actions menu in the account details page.

5. In the Clone from menu, select an existing role. As a quick starting point, your new role will have the same permissions as the selected role.

– enable organization-wide permissions to elevate the account, or disable organization-wide permissions to limit access to just certain functionality.

8. In the Organization Rights tab, you can set permissions to general organization settings.

9. In the Other Rights tab, you can permissions to SaaS acceleration and license settings.

You can delete a role through the Actions menu in the role details page.