In Smart ID Digital Access component you can create administrative roles with different privileges and responsibilities, this is called delegated management. Each role can be assigned to one or several users stored in the registered user storage location. Roles are used as alert receivers in the Monitor System > Manage Alerts page and selected roles receive notification messages about selected alert events. You can add any number of roles and assign them one or several of the pre-configured privileges available. All privileges can be combined.
If you plan to use a role for alerts, you need to ensure that selected users have registered e-mail addresses and/or cell phone numbers.
Pre-configured privileges that can be set for different roles
Help desk administration
Can add, edit, and delete all saved settings for a user account.
User account management
Have access to all available functionality in the Manage Accounts and Storages section.
Can add, edit, and delete resources, both resource hosts and resource paths and can also manage Application Portal items.
Resource path management
Can add, edit, and delete resource paths for selected resource hosts.
Can view logs for all servers in the Digital Access component network.
Can publish updated configuration.
User linking administration
Can manage users linked to a user storage. This includes creation of linked users and deletion or reparation of existing links.
User log viewer
Can view user logs found in the General Settings tab of the Edit user page.
User signing requester
|Can send signing requests to provisioned users.
The Help Desk role has privileges to manage user groups.
|The Signing Requester role has privileges to send signing requests to provisioned users.
|The Super Administrator role has all privileges and rights.
If you plan to use a new role for alerts, make sure that the selected users for the role have registered email addresses and/or cell phone numbers.
- Log in to Digital Access Admin with an administrator account.
In Digital Access Admin, go to Manage System.
Click Delegated Management.
- Click Add Role…
- Enter a Display Name and Description and select privilege(s) for the new role. Click Next when done.
- To define which user accounts the role will manage, select user group from the drop-down list and click Add Group.
- Click Next.
To assign the role to specific administrators, click Add Administrator… and enter a User ID on the next page.The User ID must exist and be linked in the directory service before you can use delegated administration. The User ID's directory password is used to login to the administration interface. To enable any other authentication methods, use the Standard resource of 'Nexus Administration' with a new 'Access Rule' All access must then go via the Access Point.
- To assign entire user groups to the role, select a previously registered administrator group from the Select Administrator Groups drop-down list and click Add Group.
- Click Finish.
The roles Help Desk and Super Administrator are predefined roles, and they cannot be deleted.