Skip to main content
Skip table of contents

Create administrative roles in Digital Access

In Smart ID Digital Access component you can create administrative roles with different privileges and responsibilities, this is called delegated management. Each role can be assigned to one or several users stored in the registered user storage location. Roles are used as alert receivers in the Monitor System > Manage Alerts page and selected roles receive notification messages about selected alert events. You can add any number of roles and assign them one or several of the pre-configured privileges available. All privileges can be combined.

If you plan to use a role for alerts, you need to ensure that selected users have registered e-mail addresses and/or cell phone numbers.

Pre-configured privileges that can be set for different roles

Privilege

Description

Help desk administration

Can add, edit, and delete all saved settings for a user account.

User account management

Have access to all available functionality in the Manage Accounts and Storages section.

Resource management

Can add, edit, and delete resources, both resource hosts and resource paths and can also manage Application Portal items.

Resource path management

Can add, edit, and delete resource paths for selected resource hosts.

View logs

Can view logs for all servers in the Digital Access component network.

Publish

Can publish updated configuration.

User linking administration

Can manage users linked to a user storage. This includes creation of linked users and deletion or reparation of existing links.

User log viewer

Can view user logs found in the General Settings tab of the Edit user page.

User signing requester

Can send signing requests to provisioned users.

Pre-defined roles

Role

Description

Help Desk

The Help Desk role has privileges to manage user groups.

Signing Requester

The Signing Requester role has privileges to send signing requests to provisioned users.

Super Administrator

The Super Administrator role has all privileges and rights.

Prerequisites

If you plan to use a new role for alerts, make sure that the selected users for the role have registered email addresses and/or cell phone numbers. 

Before you start, log in to Digital Access Admin with an administrator account.

Add roles and assign them privileges

  1. In Digital Access Admin, go to Manage System.

  2. Click Delegated Management.

  3. Click Add Role…

  4. Enter a Display Name and Description and select privilege(s) for the new role. Click Next when done.

  5. To define which user accounts the role will manage, select user group from the drop-down list and click Add Group.

  6. Click Next.

  7. To assign the role to specific administrators, click Add Administrator… and enter a User ID on the next page. 
    The User ID must exist and be linked in the directory service before you can use delegated administration. The User ID's directory password is used to login to the administration interface. To enable any other authentication methods, use the Standard resource of 'Nexus Administration' with a new 'Access Rule' All access must then go via the Access Point.

  8. To assign entire user groups to the role, select a previously registered administrator group from the Select Administrator Groups drop-down list and click Add Group.

  9. Click Finish

The roles Help Desk and Super Administrator are predefined roles, and they cannot be deleted.

Additional information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.