Introduction to Delegated Admin
Delegated Admin is an add-on to PingDirectory that enables the delegation of user and group management.
Delegated Admin lets organizations assign responsibilities associated with the management of identities in the PingDirectory server to a subset of administrators.
These delegated administrators can be any user outside the organization’s IT department, including a customer.
The following employees typically fulfill roles that involve at least a basic level of identity management and represent strong candidates for inclusion in a group of delegated administrators:
-
Help desk or customer service representatives who unlock and reset passwords
-
Managers and Human Resources administrators who update employee profiles
-
Application administrators who update identity attributes and manage access to applications
Features
Delegated Admin lets delegated administrators complete tasks across groups, subtrees, and entire organizations.
Tasks include:
-
Create, view, and search user profiles.
-
View user account information, including account status, last login time, and password expiration date.
-
Update user attributes.
-
Implement constructed attributes.
-
Set attributes to
read-only
. -
Enable and disable accounts.
-
Reset locked accounts.
-
Create and edit groups.
-
Manage the membership of groups and subgroups.
-
Manage the roles of users and groups.
-
Delete users, groups, and generic resource types.
-
Implement custom UI form fields.
-
Select user entries based on their distinguished names (DNs) without displaying the actual values of the DNs.
-
Preview and download reports about user profiles. Reporting provides the following features:
-
Capability to report for resources of a given type or limited to members of a group
-
Ability to display multiple values per attribute for each user
-
Protection against spreadsheet formula injection
-
-
Upload CSV files to add user, group membership, or organizational unit (OU) records.
-
Trigger a password reset process for a user that invokes the self-service password reset process defined by the business.
-
Configure REST Resource Types to correlate to other resource types to create one-to-many relationships without schema changes. Edit or delete linked entries from the edit page of the primary entry.