About Administrators

Zscaler’s role-based administration enables you to control what different admins can do in the Admin Portal. You can delegate responsibilities among admins and granularly control their level of access to the Admin Portal to ensure they do not create conflicting policies and settings.

To facilitate role-based administration, each admin account comprises a role and scope:

  • Using an admin role or partner admin role, you can specify which features admins can access in the Admin Portal
  • Using an admin scope, you can specify which areas of the organization (for example, which departments or which locations) admins can configure policies or settings in the Admin Portal

You can configure role-based administration using role and scope. For example, you can give your organization’s CISO the ability to set only security policies in the Admin Portal (specified through role), but enable the CISO to set security policies for the entire organization (specified through scope). Similarly, you could give the Marketing Director the ability to set access policies relevant to productivity and compliance (specified through role), but allow him or her to do so only for a specific location or department (specified through scope). To read more about other examples of role-based administration, see Examples of Role-Based Administration.

Zscaler provides a default admin account that has full access to the Admin Portal and scope over the entire organization. This account cannot be edited or deleted. With role-based administration, you can add as many additional admins as necessary to meet the specific needs of your organization. You can also edit and delete admins as necessary at any time. Also, depending on their admin role and scope, configured admins can add, edit, or delete admin accounts with lower rank.

Configuring an administrator is one of the tasks you must complete when configuring role-based administration. To learn more, see Configuring Role-based Administration.

On the Administrators page, you can do the following:

  1. Add an admin
  2. Add a partner admin
  3. View a list of all admins and partner admins configured for your organization. For admins, you can see the following:
    • Login ID: The Admin Portal login ID for the admin
    • Name: The name of the admin
    • Role: The admin's level of access to the Admin Portal
    • Scope: The areas of the organization the admin can manage in the Admin Portal
    • Login Type: Lists if SAML single sign-on (SSO) login, direct password access login, or both are enabled for the admin
    • Comments: Displays any comments regarding the admin, if available
    • Password Expired: Displays whether the admin's password has expired, if password expiration is enabled for admins
    • Type: Displays the admin's account type
  4. Search for a configured admin or partner admin
  5. View a configured admin with equal or higher rank, or a partner admin
  6. Edit a configured admin with lower rank, or a partner admin
  7. Modify the table and its columns
  8. View a list of configured auditors
  9. Go to the Administrator Management page, to enable password expiration or configure SAML single sign-on for admins

 Screenshot labelled with numbers showing the various features of the administrator page