3.8 Configuring Roles Management

CloudAccess provides the ability to assign different roles to administrative users in your identity sources. The roles allow administrators to perform certain tasks and deny them access to other tasks.

3.8.1 Defining the Role Types

CloudAccess includes the following types of roles:

  • Appliance Administrator: The appliance administrator has full rights to all appliance administration pages and role assignments. You assign the first appliance administrator during the initialization of the appliance.

  • Application Owner: The application owner controls access to the SaaS applications. CloudAccess automatically assigns this role to the user who creates the SaaS application on the Admin page. The application owner can access the following web pages:

    • Approvals: The application owner can allow or deny approvals for the users to obtain a SaaS application account.

    • Policy: The application owner can map authorizations between the identity source and the SaaS application and optionally require approval for authorizations.

    • Roles: The application owner can add or remove users from the application approver role.

  • Application Approver: The application approver can access the Approvals page and allow or deny approvals for the users to obtain a SaaS application account. CloudAccess automatically assigns this role to the user who creates the SaaS application on the Admin page.

  • Compliance Auditor: The compliance auditor can access the Reports page and generate, view, and download the reports for the appliance. Users assigned to the appliance administrator role have access to the Reports page automatically.

  • Device Administrator: The device administrator can view and delete other users’ registered mobile devices on the Devices page. A user who has the appliance administrator role automatically has the device administrator role (though the reverse is not the case).

  • Helpdesk: The helpdesk administrator manages the Self-Service User Store users. The helpdesk user can delete users and reset passwords.

In addition to the default role assignments, you can assign each role to additional users. However, the Roles page never allows you to remove the appliance administrator role from the last user who holds it.

3.8.2 Assigning Roles to Users

To assign roles to users:

  1. Log in to the Admin page at https://appliance_dns_name/appliance/index.html as the appliance administrator or application owner.

  2. Click Roles on the toolbar.

  3. Type the name of a user into the search bar, then click Search. Matching users are displayed in the left column.

  4. Drag and drop the user to the role you want to assign to that user, then click OK to confirm the assignment.

The Roles page displays only the application owner and application approver roles of configured SaaS connectors.
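The role rules from Sections 3.8.1 and 3.8.2, modeled as a short sketch you can use to reason about who can reach which page and who can change which role. This is an added example, not CloudAccess code: every identifier is hypothetical, application roles are treated as global rather than per SaaS application, and the appliance administrator's page set lists only the pages named in this section.

```python
# Added illustration of the role rules on this page; not CloudAccess code.
# All identifiers are hypothetical. Application roles are treated as global
# here rather than per SaaS application.
ADMIN = "appliance_administrator"

# Pages each role can reach (only pages named in this section are listed).
ROLE_PAGES = {
    ADMIN: {"Approvals", "Policy", "Roles", "Reports", "Devices"},
    "application_owner": {"Approvals", "Policy", "Roles"},
    "application_approver": {"Approvals"},
    "compliance_auditor": {"Reports"},
    "device_administrator": {"Devices"},
    "helpdesk": set(),  # this section names no Admin page for the role
}

# Roles each role may grant or revoke: the appliance administrator manages
# every role, the application owner only the application approver role.
CAN_MANAGE = {
    ADMIN: set(ROLE_PAGES),
    "application_owner": {"application_approver"},
}


class RoleStore:
    def __init__(self, first_admin):
        # The first appliance administrator is assigned at initialization.
        self.roles = {first_admin: {ADMIN}}

    def pages(self, user):
        """Union of the pages reachable through every role the user holds."""
        return set().union(*(ROLE_PAGES[r] for r in self.roles.get(user, ())))

    def _check(self, actor, role):
        held = self.roles.get(actor, ())
        if not any(role in CAN_MANAGE.get(r, ()) for r in held):
            raise PermissionError(f"{actor} may not manage {role}")

    def assign(self, actor, user, role):
        self._check(actor, role)
        self.roles.setdefault(user, set()).add(role)

    def remove(self, actor, user, role):
        self._check(actor, role)
        holders = [u for u, held in self.roles.items() if role in held]
        if role == ADMIN and holders == [user]:
            raise ValueError("cannot remove the last appliance administrator")
        self.roles.get(user, set()).discard(role)
```

Running `pages()` over every user in such a model gives a quick least-privilege review: anyone whose page set matches the appliance administrator's has full administrative reach regardless of how many smaller roles they also hold.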