Administrative roles
The following table describes the administrative roles available in PingOne for Enterprise accounts.
You can assign administrators to a read-only role, which grants access to the areas of the admin portal normally allowed by that administrative role, but not the ability to change settings.
Administrators can only be assigned one administrative role at a time. |
In PingOne SSO for SaaS Apps accounts, the only administrative roles are Audit & Report Administrator and Global Administrator.
For PingOne SSO for SaaS Apps with Managed Accounts, managed accounts have the PingOne for Enterprise administrative roles.
Administrative Role | Description | ||
---|---|---|---|
Application Administrator |
Can manage only the specific applications that you assign. After saving the role assignment, you can choose to limit the management permissions. An application administrator has access only to the admin portal pages associated with their assigned management permissions. For more information, see Assign Application Administrator applications. |
||
Audit & Report Administrator |
Can manage subscriptions for audit events and run reports. Can only access the following pages:
|
||
Global Administrator |
Has full permissions to manage and configure all aspects of the account and the admin portal, including the ability to manage all group and role assignments. Receives email notifications before and after certificate expiration. For more information, see Certificate management. For the PingOne for Enterprise Directory, assigning a user the global administrator role also assigns the user to the domain administrators group. If you set up the PingOne for Enterprise account, you are automatically assigned the role of global administrator. |
||
Identity Repository Administrator |
Manages the configuration of identity repositories. Can only access the following pages:
The identity repository administrator can also view and modify the directory settings when using the PingOne for Enterprise Directory. |
||
PingID Device Administrator |
This role can only access Users → Users by Service → PingID. This role can unpair one or more user devices, or assign a device as the user’s primary device.
For more information about managing PingID device settings, see PingID User Life Cycle Management in the PingID documentation. |
||
SaaS Administrator |
Manages the Application Catalog and application connections. Receives email notifications before and after certificate expiration. For more information, see Certificate management. Can only access the following pages:
|
||
Service User Administrator |
Manages the PingOne for Enterprise services a user can use. This role includes the capabilities of the PingID Device Administrator. Can only access the following pages:
|
||
Support Administrator |
Has Read/Write permissions to the admin portal. Can impersonate and manage subtenants, but cannot make changes in parent account. Available only on PingOne for Enterprise for Managed Service Providers. |