PingOne

Scenario 3: Custom role assignment for delegated administration of another environment

The goal of this scenario is for an administrator with a built-in role to assign custom support roles to users that are in a different environment.

In this scenario:

  • User C exists in the Administrators environment. They are assigned the Identity Data Admin role for all environments in the organization.

  • User F and User G exist in the CompanyA_Support environment.

  • Both the Support Level 1 and Support Level 2 roles are created in the CompanyA_Support environment. These roles are assignable by the Identity Data Administrator role.

  • Because User C has the Identity Data Admin role for all of the environments in the organization, they can assign the Support Level 2 role to User F in the CompanyA_Support environment.

  • User F can then assign the Support Level 1 role to User G because Support Level 1 role is assignable by either the Identity Data Admin or the Support Level 2 role, and the users both exist in the CompanyA_Support environment.

    A diagram showing outlining the scenario as documented.