Managing roles individually
About this task
Use the Users page to add roles to a user.
Steps
-
In PingOne, go to the Administrators environment.
Older organizations might not have an Administrators environment by default. To separate administrators from end users and improve security posture, you should manage all administrators in their own environment.
-
Go to Directory → Users and browse or search for the user that you want to edit.
-
Browse for an existing user or create a new one.
Learn more in Adding a user.
-
Click the user entry to open the user details panel.
-
Click the Roles → Administrator Roles tab.
If roles are assigned, they’re listed here with information about where those roles apply. For example, in the following image, BX User has the Application Owner role in two environments. Because the role is assigned at the environment level, they have the role over all of the applications in those environments. In a third environment, they have the role over only two applications. They also have the Environment Admin role, and they have that role in three environments.
You can assign administrator roles to users, groups, applications, or PingFederate gateway integrations.
Click the Info icon to view the permissions associated with the role. Click the down arrow on the right to view the list of environments or populations for which the role is assigned.
-
Click Grant Roles.
The Available Responsibilities tab lists the roles that you are allowed to assign and the environments for which you are allowed to assign them. A responsibility is the combination of the role assignment and the level, or scope, at which the role is applied. Depending on the role, it could be assigned at the organization, environment, population, or application level.
The Granted Responsibilities tab lists any roles that are currently assigned.
-
On the Available Responsibilities tab, click the role that you want to assign or change and perform any combination of the following:
-
To assign the role, select the checkboxes next to the applicable environments.
Click Select All or Remove All to select or clear all available responsibilities.
-
To remove a role assignment, clear the checkboxes next to the applicable environments.
-
To grant this access for only a portion of the environment, click the Reduce Access icon (), select a subset of the available applications or populations on the Limit Access page, and click Confirm.
You can grant only roles that are assigned to you or that confer the permissions needed to assign that role to others. For example, if you do not have the Environment Admin role, you cannot assign the Environment Admin role to others (and that role will not be listed under Available Responsibilities). However, if you have the Identity Data Admin role, you can assign either the Identity Data Admin role or the Identity Data Read Only role to others.
Learn more about the permissions associated with each role in Roles.
-
-
Click Save.
Result
The role assignments that you selected are listed on the Granted Responsibilities tab.