Admin Management in a Nutshell
The Cloudentity administrator term refers to a user with the privileges to one or more of the following actions:
- Administration of the entire tenant
- Audit rights for the entire tenant
- Administration of specific workspace only
- Audit rights for specific workspace only
Cloudentity administrators with tenant-level privileges have the possibility to invite new administrators and manage existing administrators. Only users stored in Cloudentity Identity Pools can be assigned administrator roles.
Important
Admin management is currently behind a feature flag. If you wish to use it, contact Cloudentity Sales Team.
Invite New Tenant Administrators
Only Tenant Admins can perform this action. This flow is valid for newly created tenants.
-
Go to Tenant Settings » Administrators.
You should see a list of administrators for this tenant showing a single user created with the tenant. If you see a message redirecting you to the admin workspace, come over to Advanced Administrator Management instead.
-
Select Create New to invite a new administrator. Enter the user’s e-mail, First Name Last Name, and Tenant Role, then select Create.
New user is created and the User Profile form opens. Invitation e-mail is sent to the user’s e-mail.
-
Once the user accepts the invitation, their account becomes active, and they are able to log in and perform actions matching their assigned role.
Assign Roles to Tenant Administrators
-
Go to Tenant Settings » Administrators.
-
Select an administrator from the list. The User Profile opens.
-
Assign a role to the administrator in the Roles field.
Set Tenant Administrator Log In Methods
-
Go to Tenant Settings » Administrators.
-
Go to Settings > Sign In / Sign Up.
-
Set the available sign in methods.
Field Description Authentication Method Set up the preferred authentication method for administrators in this tenant. Use the menu to set preference to either password or OTP.
Set Password Policy for Tenant Administrators
-
Go to Tenant Settings » Administrators.
-
Go to Sign-In > Password Policy. Password configuration form opens, where you can set the required password strength, length, and other parameters.
-
Set the password policy.
Set Tenant Administrator Status
-
Go to Tenant Settings » Administrators.
-
Select an administrator from the Users list.
-
Select Manage and change the administrator status. Inactive administrators can no longer log in to Cloudentity.
Assign Workspace Administrators
Only Tenant or Workspace Administrators can perform this action. All tenant administrators, auditors, and members can be assigned a workspace role.
-
Open the target workspace and go to Manage Access. This page shows a list of users with Admin/Auditor rights in scope of this workspace.
-
Select Add User and select the user from the form (which shows all tenant admins, auditors, and members).
Field Description Role Role to be assigned to the user, either Workspace Admin or Workspace Auditor. User User to be granted a role in this workspace. -
Select Add. This user can now perform either administrative or auditorial tasks on this workspace. When the user logs in, they see the administrative UI tailored to their permissions.
Advanced Administrator Management
When advanced administrator management is enabled on your tenant, the management procedures are different as you need to access the built-in administrative Identity Pool. If advanced administrator management is enabled, you will be notified about this on the Administration page.
-
Go to Tenant Settings » Administrators.
Select Open Admin Workspace as prompted. You are redirected to the Identity Providers page in the Admin workspace.
-
Select the Built in Admin IDP.
-
Select Manage Pool from the IDP configuration page. You are redirected to the Identity Pools page where you can see the Cloudentity Administrators Identity Pool. Open this pool and go to the Users page.
-
You can now perform administrator management. In addition to basic management, you have more possibilities such as:
- Assigning new Identifiers (used to authenticate) to the admin user.
- Assigning new Addresses (used by Cloudentity to send OTPs/e-mails) to the admin user.
- Changing admin user schema under User Attributes.
- Changing admin metadata schema under Metadata Attributes.
- Setting user status to
new
, resetting user password or initiating OTP verification under the Manage button.