Managing The Identity Hub
The Identity Hub has three administrative levels for managing configuration within a tenant or across* tenants:
- Hub Admin *
- Hub Tenant Admin
- Tenant Admin
As of version 1.48, more sub-levels can be identified for a Tenant Admin.
These levels only apply within the tenant itself and are organized according to functional roles.
Note
Hub Admin only applies to: On-premise and private Azure Cloud scenarios (not for SAAS www.theidentityhub.com)
Note
Some of The Identity Hub configurations and customizations can only be changed by administrators who have access to The Identity Hub installation location. Applies to: On-premise and private Azure Cloud scenarios (not for SAAS www.theidentityhub.com)
Hub Admin
Note
Applies to: On-premise and private Azure Cloud scenarios (not for SAAS www.theidentityhub.com)
A Hub Admin can manage the complete instance of The Identity Hub and all of its Tenants. When The Identity Hub is installed, one Hub Admin is created by default.
New Hub Admins can be added by other Hub Admins. A Hub Admin can add Tenant Admins to specific Tenants.
See Add an Admin
Hub Tenant Admin
Anyone who registers a Tenant is a Hub Tenant Admin and can manage the Tenant they registered. A Hub Tenant Admin can add other Tenant Admins for the Tenant.
See Add an Admin
Tenant Admin
A Tenant Admin can manage a single Tenant. Tenant Admins are added to a Tenant by a Hub Admin or other Tenant Admins.
There are different sub-levels for Tenant Admins:
- Default
- Service Desk admin
- IAM admin
- Tenant admin
Each sub-level extends the previous sub-level.
Default
When a user has accepted an administrator invitation, the Default level is applied. It gives only read-only access to the public Protocol endpoints information.
Service desk (as of version 1.64)
Administrators with the Service desk level can assist existing users.
The following menu items and corresponding functionality are accessible read-only for troubleshooting:
- The Identities menu and its functionality are accessible, but read-only. Service desk administrators can, however, initiate the password recovery flow and reset the 2FA secret of a user.
- The list of administrators is accessible read-only, so that Service desk administrators know to whom issues can be escalated.
Identity and Access Admin
An IAM Admin additionally has access to all information that is required to manage new and existing identities and their access.
The Identities menu and its functionality are therefore accessible with full control.
This means an IAM Admin can administer existing users (e.g. update the profile properties), and can also manage their access via block, unblock and role assignment.
See Identities for more information.
IAM administrators can create HAP users for the user name password provider or import users.
As of version 1.64:
IAM administrators can create roles in order to assign them to (HAP) users managed in The Identity Hub.
The reports related to Identities are made available for IAM administrators.
IAM administrators can invite fellow administrators. They can manage administrators up to the Service desk sub-level.
Tenant Admin
A Tenant Admin has full management control over a tenant, including managing the tenant, account providers, roles, apps, scopes, identities, .... This level is backwards compatible with all versions prior to 1.48.
See Add an Admin
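The Tenant Admin sub-level model above (each sub-level extends the previous one, and IAM administrators manage administrators only up to Service desk) can be checked against a record of administrator changes. This is an added example, not The Identity Hub's own code or API. The capability labels, the record fields and the rule that Default and Service desk cannot manage administrators are assumptions.

```python
from enum import IntEnum

class Level(IntEnum):  # ordered: each sub-level extends the previous one
    DEFAULT = 0
    SERVICE_DESK = 1
    IAM = 2
    TENANT = 3

# Capabilities each sub-level adds, paraphrased from the page (labels are hypothetical).
ADDED = {
    Level.DEFAULT: {"protocol_endpoints:read"},
    Level.SERVICE_DESK: {"identities:read", "identities:password_recovery",
                         "identities:reset_2fa", "admins:read"},
    Level.IAM: {"identities:write", "identities:block", "roles:assign",
                "roles:create", "users:create_hap", "users:import",
                "reports:identities", "admins:invite"},
    Level.TENANT: {"tenant:manage", "providers:manage", "apps:manage",
                   "scopes:manage"},
}

# Highest sub-level an administrator may hand out. IAM is capped at Service desk,
# Tenant admins may add Tenant admins. None (assumed) = cannot manage administrators.
GRANT_CEILING = {Level.DEFAULT: None, Level.SERVICE_DESK: None,
                 Level.IAM: Level.SERVICE_DESK, Level.TENANT: Level.TENANT}

def effective(level):
    """Union of the capabilities of this sub-level and every lower one."""
    return set().union(*(ADDED[l] for l in Level if l <= level))

def can_grant(actor, target):
    """True if an administrator at `actor` may assign sub-level `target`."""
    ceiling = GRANT_CEILING[actor]
    return ceiling is not None and target <= ceiling

def audit(changes):
    """Return the change records that exceed the actor's grant ceiling."""
    return [c for c in changes if not can_grant(c["actor_level"], c["new_level"])]

# Constructed sample of administrator changes (not a real export format).
SAMPLE = [
    {"actor": "iam1", "actor_level": Level.IAM, "target": "sd2", "new_level": Level.SERVICE_DESK},
    {"actor": "iam1", "actor_level": Level.IAM, "target": "iam2", "new_level": Level.IAM},
    {"actor": "sd1", "actor_level": Level.SERVICE_DESK, "target": "x", "new_level": Level.DEFAULT},
    {"actor": "ta1", "actor_level": Level.TENANT, "target": "ta2", "new_level": Level.TENANT},
]
```

Running `audit(SAMPLE)` flags the IAM admin who assigned the IAM sub-level and the Service desk admin who assigned any sub-level at all, the two records a reviewer of administrator changes would want escalated.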