Skip to content

Managing Administrators

Administrators within Non-Employee are responsible for the configuration and management of your tenant within the admin console. Because administrators have access to all settings and features, consider carefully before assigning the administrator role to a user.

Access to the admin console is granted to users through a lifecycle role. This role can be assigned to users within Identity Security Cloud, or based on their membership in a group within your identity provider.

Creating the Administrator Role

Prerequisite:

  • If you are configuring your roles to be assigned through your identity provider, assign a unique group or entitlement within your identity provider to all users you intend to mark as administrators within Non-Employee. This allows them to be granted the administrator role automatically the first time they sign in.

    For example, you might name this group Non-Employee Admins.

To create the administrator role:

  1. Begin creating a new role as described in Managing User Roles.

    Best Practice

    When creating the administrator role, use a descriptive name to indicate that this role grants administrative access.

  2. (Optional) If you are configuring roles to be granted through groups within your identity provider, in the Directory groups field, select the group from your identity provider you configured in the prerequisite, corresponding to the users that will be granted admin access.

  3. In the PERMISSIONS section, under the Application header, select the Yes radio button beside admin.

  4. Review the rest of the permissions available for Non-Employee roles and grant them as appropriate.

  5. Select the Create button.

    If you are assigning roles to users by assigning them as entitlements within Identity Security Cloud, begin an entitlement aggregation and grant the entitlement to the users who should be given admin permissions. Refer to Assigning Roles with Identity Security Cloud for more details.

    If you are assigning roles to users based on their groups in your identity provider, this grants users with the selected group access to the admin console the next time they authenticate.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.