PingOne

Scenario 2: Custom role assignment from the Administrators environment

The goal of this scenario is to assign custom roles to two administrators and allow them to manage different environments in the organization.

To assign the Support Level 1 or Support Level 2 roles to users over multiple environments or the entire organization, the roles must be created in the Administrators environment. The general role assignment rules apply, which means:

  • The user who is going to assign the custom role must exist in the Administrators environment.

  • This user must have a role that can assign the new custom role.

  • This user must have that role scoped over the environments in which you want them to be able to assign users to manage with the new custom role.

In this scenario:

  • User C exists in the Administrators environment. They are assigned the Identity Data Admin role for all environments in the organization. The Identity Data Admin role can assign both the Support Level 1 and Support Level 2 roles.

  • Because User C has the Identity Data Admin role for all of the environments in the organization, they can assign the Support Level 1 and Support Level 2 roles to users over any environment in the organization.

  • User D and User E also exist in the Administrators environment.

  • User C assigns the Support Level 1 role to User D and the Support Level 2 role to User E. Both are scoped to the CompanyA_Support environment.

    A diagram outlining the scenario as documented.