You can designate an existing user as an administrator or create a new administrator user.


To prevent privilege escalation, you cannot create an administrator user if you do not have administrator privileges.

  1. In the Administrators environment, go to Directory > Users and browse or search for the user you that want to make an administrator.

    To create a new user with administrator privileges, click the + icon. Learn more in Adding a user. All administrator users should be maintained in the Administrators environment.

  2. Click the user entry to open the user details panel.
  3. On the Roles > Administrator Roles tab, click Grant roles.
  4. Select an administrative role, such as Environment Admin, Identity Data Admin, or Organization Admin.

    You cannot assign privileges greater than those you are assigned. When you are determining which role to assign, consider the role that has the minimum permissions necessary for the administrator to perform their job responsibilities. Scope that role according to the levels at which the administrator should have this access.

    Learn more in Administrator Roles and Managing user roles.

  5. Click Save.
  6. On the Profile tab, click Verify to send a verification email to the user.

    All administrator users must verify their email address.

  7. Go to Settings > Environment Properties and copy the Console Login URL.
  8. Contact the new administrator and provide them with the following:
    • Their PingOne user name, if different from their email address.
    • The Console Login URL from the previous step.
    • (Optional) A temporary password for the console (if you set one up when you created the user).
    • The instructions for Completing your administrator account registration.

The new administrator completes their account registration.