--- title: Adding administrators description: You can designate an existing user as an administrator or create a new administrator user. component: pingone page_id: pingone:getting_started_with_pingone:p1_add_admin_user canonical_url: https://docs.pingidentity.com/pingone/getting_started_with_pingone/p1_add_admin_user.html revdate: March 11, 2025 section_ids: steps: Steps next-steps: Next steps --- # Adding administrators You can designate an existing user as an administrator or create a new administrator user. | | | | - | --------------------------------------------------------------------------------------------------------------------- | | | To prevent privilege escalation, you cannot create an administrator user if you do not have administrator privileges. | ## Steps 1. In the Administrators environment, go to **Directory > Users** and browse or search for the user you that want to make an administrator. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To create a new user with administrator privileges, click the **[icon: plus, set=fa]**icon. Learn more in [Adding a user in PingOne](../directory/p1_adduser.html). All administrator users should be maintained in the Administrators environment. | 2. Click the user entry to open the user details panel. 3. On the **Roles > Administrator Roles** tab, click **Grant roles**. | | | | - | ---------------------------------------------------------------------------------------------------------- | | | If there aren't any application roles available in the environment, the settings are on the **Roles** tab. | 4. Select an administrator role, such as **Environment Admin**, **Identity Data Admin**, or **Organization Admin**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | You cannot assign privileges greater than those you are assigned. When you are determining which role to assign, consider the role that has the minimum permissions necessary for the administrator to perform their job responsibilities. Scope that role according to the levels at which the administrator should have this access.Learn more in [Administrator Roles](../directory/p1_roles.html) and [Managing user roles](../directory/p1_manage_user_roles.html). | 5. Click **Save**. 6. On the **Profile** tab, click **Verify** to send a verification email to the user. | | | | - | -------------------------------------------------------- | | | All administrator users must verify their email address. | 7. Go to **Settings > Environment Properties** and copy the **Console Login URL**. 8. Contact the new administrator and provide them with the following: * Their PingOne user name, if different from their email address. * The **Console Login URL** from the previous step. * (Optional) A temporary password for the console (if you set one up when you created the user). * The instructions for [Completing the administrator account registration](p1_complete_admin_registration.html) ## Next steps The new administrator completes their account registration. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Older organizations might not have an **Administrators** environment by default. To improve security posture, separate administrators from end users and manage all administrators in their own environment. |