Administrators within Non-Employee are responsible for the configuration and management of your tenant within the admin console. Because administrators have access to all settings and features, consider carefully before assigning the administrator role to a user.
The System User account available out of the box should only be used for your initial tenant setup.
To grant users access to the admin console:
- Assign a unique group or entitlement within your identity provider to the users you want to make administrators. This must be within the
groupsattribute in the SAML assertion.
- Create a role within Non-Employee to assign to administrators in your tenant.
Creating the Administrator Role
Within your identity provider, assign a unique group or entitlement to all users you intend to mark as administrators within Non-Employee. This allows them to be granted the administrator role automatically the first time they sign in.
For example, you might name this group Non-Employee Admins.
To create the administrator role:
Begin creating a new role as described in Managing User Roles.
When creating the administrator role, use a descriptive name to indicate that this role grants administrative access.
During role creation, in the Directory groups field, select the group from your identity provider you configured in the prerequisite, corresponding to the users that will be granted admin access.
In the PERMISSIONS section, under the Application header, select the Yes radio button beside admin.
This grants users with this role access to the admin console.
Review the rest of the permissions available for Non-Employee roles and grant them as appropriate.
Select the Create button.