Create administrative roles in Digital Access
In the Smart ID Digital Access component, you can create administrative roles with different privileges and responsibilities. This is called delegated management. Each role can be assigned to one or several users stored in the registered user storage location. Roles are used as alert receivers on the Monitor System > Manage Alerts page, and selected roles receive notification messages about selected alert events. You can add any number of roles and assign each of them one or several of the available pre-configured privileges. All privileges can be combined.
If you plan to use a role for alerts, you need to ensure that selected users have registered e-mail addresses and/or cell phone numbers.
Pre-configured privileges that can be set for different roles
Privilege | Description |
---|---|
Help desk administration | Can add, edit, and delete all saved settings for a user account. |
User account management | Has access to all available functionality in the Manage Accounts and Storages section. |
Resource management | Can add, edit, and delete resources (both resource hosts and resource paths), and can also manage Application Portal items. |
Resource path management | Can add, edit, and delete resource paths for selected resource hosts. |
View logs | Can view logs for all servers in the Digital Access component network. |
Publish | Can publish updated configuration. |
User linking administration | Can manage users linked to a user storage. This includes creation of linked users and deletion or repair of existing links. |
User log viewer | Can view user logs found in the General Settings tab of the Edit user page. |
User signing requester | Can send signing requests to provisioned users. |
Pre-defined roles
Role | Description |
---|---|
Help Desk | The Help Desk role has privileges to manage user groups. |
Signing Requester | The Signing Requester role has privileges to send signing requests to provisioned users. |
Super Administrator | The Super Administrator role has all privileges and rights. |
Prerequisites
If you plan to use a new role for alerts, make sure that the selected users for the role have registered email addresses and/or cell phone numbers.
Before you start, log in to Digital Access Admin with an administrator account.
Add roles and assign them privileges
In Digital Access Admin, go to Manage System.
Click Delegated Management.
Click Add Role…
Enter a Display Name and Description and select privilege(s) for the new role. Click Next when done.
To define which user accounts the role will manage, select a user group from the drop-down list and click Add Group.
Click Next.
To assign the role to specific administrators, click Add Administrator… and enter a User ID on the next page.
The User ID must exist and be linked in the directory service before you can use delegated administration. The User ID's directory password is used to log in to the administration interface. To enable any other authentication methods, use the Standard resource of 'Nexus Administration' with a new 'Access Rule'. All access must then go via the Access Point.
To assign entire user groups to the role, select a previously registered administrator group from the Select Administrator Groups drop-down list and click Add Group.
Click Finish.
The roles Help Desk and Super Administrator are predefined roles, and they cannot be deleted.