Managing administrators
If you are an administrator with the appropriate permissions, you can add new administrators and define their permissions using roles.
Adding an administrator user
About this task
You can designate an existing user as an administrator or create a new administrator user.
To prevent privilege escalation, you cannot create an administrator user if you do not have administrator privileges. |
Steps
-
In the Administrators environment, go to Directory → Users and browse or search for the user you that want to make an administrator.
To create a new user with administrator privileges, click the icon. Learn more in Adding a user. All administrator users should be maintained in the Administrators environment.
-
Click the user entry to open the user details panel.
-
On the Roles → Administrator Roles tab, click Grant roles.
-
Select an administrator role, such as Environment Admin, Identity Data Admin, or Organization Admin.
You cannot assign privileges greater than those you are assigned. When you are determining which role to assign, consider the role that has the minimum permissions necessary for the administrator to perform their job responsibilities. Scope that role according to the levels at which the administrator should have this access.
Learn more in Administrator Roles and Managing user roles.
-
Click Save.
-
On the Profile tab, click Verify to send a verification email to the user.
All administrator users must verify their email address.
-
Go to Settings → Environment Properties and copy the Console Login URL.
-
Contact the new administrator and provide them with the following:
-
Their PingOne user name, if different from their email address.
-
The Console Login URL from the previous step.
-
(Optional) A temporary password for the console (if you set one up when you created the user).
-
The instructions for Completing your administrator account registration.
-
Next steps
The new administrator completes their account registration.