| Admin Sign on Policy | Full | - View sign-on policy.
Edit all configurations in sign-on policy. Exception: If the admin does not have the permission for “IP Locations - Full” or “IP Locations - View”, they are not allowed to access sign-on policy.
|
| | View Only | |
| | None | Not allowed to view the contents of sign-on policy. |
| Authentication Methods | Full | - View password policy.
- Edit all configuration on password policy.
- Edit authentication methods.
|
| | View Only | - View password policy.
- View all configuration on password policy.
- View authentication methods.
- Not allowed to change any configuration value.
|
| Users and Groups | Full | - View users and user groups.
- Add, edit, delete, activate, deactivate user.
- Add, edit, delete group.
- Import group details from a CSV file.
- Change group name, assign users to group.
- Add, edit, delete attribute.
|
| | View Only | View users, user groups, user attributes, and group attributes. |
| | None | Not allowed to access users, user groups, user attributes, and group attributes. |
| User Credentials | Full | - Access, view, and change security settings (all attributes and settings) only when admins have “Users and Groups - View” or “Users and Groups - Full” permissions.
- Admins without the "Users and Groups -Full" permission cannot change a user's primary and secondary email address even though they are used as credentials..
|
| | View Only | - View security settings (all attributes and settings) only when admins have “Users and Groups - View” or “Users and Groups - Full” permissions.
|
| | None | Not allowed to access security settings. |
| Roles | Full | - View, add, edit, and delete roles.
- Admins with “Users and Groups - Full or View” permission can add or edit roles.
|
| | View Only | - View roles.
- View all configuration for roles.
|
| External Identities | Full | - View external identities (both primary and secondary IdPs).
- Add and edit primary and secondary IdPs.
- Change all configuration per IdP.
|
| | View Only | - View external identities (both primary and secondary IdPs).
- View all configuration per IdP.
Restricted View - View external identities (both primary and secondary IdPs).
- View configuration per IdP except for Provisioning > SCIM Provisioning > Bearer Token.
|
| | None | Not allowed to access or view external identities. |
| IP Locations & Groups | Full | - View IP locations and location groups.
- Add location and location groups, import IP locations and location group details from a CSV file.
- Edit, delete IP locations and IP location groups.
- Change all configuration per IP location and IP location groups.
|
| | View Only | View IP locations, IP location groups, configuration per location or location group. |
| | None | Not allowed to access IP locations or IP location groups. |
| Authentication Session | Full | - View and change session timeout duration.
- View and change authentication session for service enrollment.
- View and change force authentication for private access reauthentication.
|
| | View Only | - View session timeout duration.
- View authentication session for service enrollment.
- View force authentication for private access reauthentication.
|
| Administrative Entitlements | Full | - View and search administrative entitlements.
- Access users and user groups.
- Assign users, user groups.
- Delete user assignments and user group assignments.
- Admin with "Roles - Full" or "Roles - View Only" permission can assign roles
|
| | Restricted Full | - Access, view, and search administrative entitlements.
- Admin with “Users and Groups - Full” or “Users and Groups - View” permission can access the Users and User Groups tabs of individual tenants.
- View all users and user groups assignments.
- View the user list on the User Groups tab.
- Admin with "Roles -Full" permission can assign roles.
- Admin with "Roles -View Only" permission cannot assign roles.
If admin has permissions in individual tenants to administer administrators, they can: - Assign users and user groups.
- Remove user assignments and user group assignments.
|
| | View Only | - View administrative entitlements
- View user and user group assignments
|
| | None | Not allowed to access administrative entitlements |
| Service Entitlements | Full | - View service entitlements
- Assign users, user groups, delete user assignments and user group assignments
|
| | View Only | - View service entitlements
- View user and user group assignments
|
| | None | Not allowed to access service entitlements |
| Audit Logs | View Only | View audit logs |
| | None | Not allowed to view audit logs |
| Guest Domain | Full | - Add guest domains
- Edit guest domains
- Delete guest domains
|
| | View Only | View the list of guest domains |
| | None | Not allowed to access guest domains |
| Remote Assistance | Full | - Enable remote access
- Disable remote access
|
| | View Only | View the Remote Assistance page |
| | None | Not allowed to access remote assistance |
| Branding | Full | - Add logo or email
- Edit logo or email
|
| | View Only | View the Branding page |
| | None | Not allowed to access the Branding page |
| API Clients & Resources | Full | - Add API Clients
- Edit or Delete API Clients
- Manage Resources
- Revoke Access Tokens
|
| | View Only | View the API Client and Resource details |
| | None | Not allowed to access API Clients & Resources |
| CXO Insight | Full | Access and view information in the Executive Insights app |
| | None | Not allowed to access the Executive Insights app |
