Managing Administrators

The types of administrators and their roles and responsibilities depend on the size of your deployment. A small, single-organization deployment can have just one Master Administrator (MA) and a Global Administrator (GA) who administers the organization for end users. On the other hand, a very large multi-organization deployment can find it necessary to have multiple GAs who, based on the complexity of the deployment and the number of end users, can further delegate their organization and user management duties among several Organization Administrators (OAs) and User Administrators (UAs).
See Supported Roles for information about supported administrative roles. This article covers the following administrator management operations:
In addition to the operations discussed in this article, the Master Administrator has the privilege to create "Custom Roles" that are derived from the existing default roles supported by RA.
How to Create an Administrator
To create an administrator:
  1. Ensure that you are logged in with the required privileges and scope to create the administrative user.
  2. Activate the Users and Administrators tab.
  3. Under the Manage Users and Administrators section, click the Create Administrator link to display the Create Administrator page.
  4. In the Administrator Details section, enter the details of the administrator. The following table explains the fields on this page.
    Input | Description
    User Name | The unique user name for the administrator.
    Organization | The display name of the organization to which the administrator belongs. Note: This is not the organization that this administrator will manage.
    First Name | The first name of the administrator.
    Middle Name (optional) | The middle name, if any, of the administrator.
    Last Name | The last name of the administrator.
  5. In the Email Address(es) section, enter the email address of the administrator for the email types configured for the organization.
  6. In the Telephone Number(s) section, enter the phone number to contact the administrator.
    If multiple telephone types are configured, you must enter values for all the mandatory telephone types.
  7. In the Custom Attributes section, enter the Name and Value of any attributes you want to add, such as office location.
  8. Click Next to proceed.
    The next page appears.
  9. On this page:
    • Specify the role of the new administrator from the Role drop-down list.
    • In the Set Password section, set and confirm the password for the administrator.
    • In the Manages section, select the organizations that the administrator will have scope on, and perform one of the following:
      • Select the All Organizations option, if you want the administrator to manage all current and future organizations in the system.
        or
      • Select the required organizations from the Available Organizations list and click the > button to add these organizations to the Selected Organizations list.
      The Available Organizations list displays all the organizations that are available in the scope of the administrator creating this new account. The Selected Organizations list displays the organizations that you have selected for the administrator to manage.
  10. Click Create to save the changes, create the account, and activate it.
  11. Communicate the new password to the administrator.
 
Privileges Required
An administrator can create other administrators who belong to the same level or to the lower levels in the administrative hierarchy and have the same or lesser scope. For example:
  • The MA can create all other types of administrators.
  • GAs can create the following within their scope:
    • Other GAs
    • OAs
    • UAs
  • OAs can create the following within their scope:
    • Other OAs
    • UAs
How to Change Profile Information for an Administrator
The profile information for an account includes:
  • Personal information (first, middle, and last names and contact information).
  • Password for the account.
  • Administrator preferences, such as Preferred Organization (the organization that will be selected by default in the Organization fields for all administrator-related tasks that you might perform in future), date time format, locale, and timezone information.
An administrator can change their account’s profile information at any time. To change the information for any other administrative account, see How to Update Administrator Information.
To change the administrator profile information for your account, if it was created with a basic Username-Password credential:
  1. Ensure that you are logged in to your account.
  2. In the Header frame, click the <ADMINISTRATORNAME> link to display the My Profile page.
  3. Edit the required settings in the sections on this page:
    1. Edit the fields in the Personal Information section, as needed.
    2. If you want to change the current password, then in the Change Password section, enter the Current Password, and specify a new password in the New Password and Confirm Password fields.
    3. In the Administrator Preferences section:
      • Select the Enable Preferred Organization option, and select an organization from the Preferred Organization list. This organization will be selected for all administrator-related tasks that you perform from now on.
      • Specify the preferred Date Time Format.
      • Select the preferred Locale for your instance of Administration Console.
      • Select the required option from the Time Zone list.
  4. Click Save to change the profile information.
Privileges Required
Only the administrator whose account information is being updated can change this information.
How to Search for an Administrator
To search for an administrator:
  1. Ensure that you are logged in with the required privileges and scope.
  2. Activate the Users and Administrators tab.
  3. Specify the search criteria to display the list of administrators. You can:
    • Search for administrators by specifying the partial or complete information of the administrator in the fields on this page.
    • Search for administrators by specifying the organization's Display Name.
    • Search for administrators by not specifying any criteria and just clicking Search.
    • Click the Advanced Search link to display the Advanced Search page to search for the required administrators by specifying their Status or Role.
    In the User Status section, you can search for Current Users based on the user status (Active, Inactive, or Initial) or you can search for Deleted Users.
  4. Select Enable search by Accounts if you want to search for administrators based on account IDs also.
  5. Specify the required details of the administrators and click Search.
    A list of administrators matching the search criteria appears.
Privileges Required
As long as you do not need to update, activate, or deactivate an administrative account, you do not need privileges to search. However, you must have the scope over the organizations that the administrator belongs to. For example, a UA can search for administrators in the target organization if that organization is in their purview.
How to Update Administrator Information
To update administrator information:
  1. Ensure that you are logged in with the required privileges to update the administrative user.
  2. Activate the Users and Administrators tab.
  3. Under the Manage Users and Administrators section, click the Search Users and Administrators link to display the corresponding page.
  4. Enter the partial or complete information of the administrator whose account you want to update and click Search.
    A list of administrators matching the search criteria appears.
  5. Click the <user name> link of the administrator whose account you want to edit.
    The Basic User Information page appears.
    This page also displays the User Account Information (Account Type, AccountID, and Status) if any account type was configured.
  6. Click Edit to change the administrator information on this page.
    In the User Details section, edit the required fields (First Name, Middle Name, and Last Name).
  7. In the Email Address(es) section, edit the email addresses for the email types configured for the organization.
  8. In the Telephone Number(s) section, edit the telephone numbers for the telephone types configured for the organization.
  9. In the Custom Attributes section, edit the Name and Value of the custom attributes.
  10. You can either click Save to save the changes made and return to the User Information page, or you can click Next to proceed with additional configurations.
    If you don’t see a Next button, it means that no account type has been configured for the organization. In this case, click Update Administrator Details and go to Step 14.
    If you click Next, then the User Account page appears.
  11. In the User Account section:
    • Edit the Account Type and Status fields.
    • Expand Advanced Attributes to add AccountID Attributes for the account ID.
    If this is the first account ID you are creating, you must click Add to add an account ID before you can update it. For more information about adding an account ID, see Create Account IDs.
  12. Click Update Administrator Details.
    The Update Administrator page appears.
  13. In the Role section on this page, change the role of the administrator by using the Role drop-down list.
  14. In the Set Password section:
    • Set the Password and Confirm Password for the administrator.
    • Select Lock to lock the administrator’s credentials for the Credential Lock Period, which you can specify in the From and To fields.
  15. In the Manages section, select the organizations that the administrator will manage.
    You can also remove the organization from the administrator’s scope by moving the specific organization from Selected Organizations to Available Organizations.
  16. Click Save to save the updates.
Privileges Required
To update administrator information, you must ensure that you have the appropriate privileges and scope. The MA can update any administrator. The GAs can update all the administrators (including other GAs) in their scope, except the MA account. The OAs can update all other OAs and UAs in their purview, while UAs can only update their peers within their scope.
How to Demote an Administrator to User Role
You can change the role of an administrator to a user. For example, an administrator in the IT department might have moved to the Engineering department. In this case, you would want to retain the user details, but remove the administrative privileges for the user.
To demote an administrator to a user:
  1. Perform Step 1 to Step 13, as described in How to Update Administrator Information.
    The Update Administrator page appears.
  2. On the Update Administrator page, click Change Role to User.
  3. Click OK in the confirmation dialog box that appears.
  4. You get the following message:
    Successfully demoted the administrator to user.
 
Privileges Required
To update administrator information, you must ensure that you have the appropriate privileges and scope. The MA can update any administrator. The GAs can update all the administrators (including other GAs) in their scope, except the MA account. The OAs can update all other OAs and UAs in their purview, while UAs can only update their peers within their scope.
How to Configure Account IDs for Administrators
In addition to the user name, an account ID is an alternate method to uniquely identify a user in the RA system. After you have configured the account types that your organization will use, you can associate one account ID per user for any of these account types. For more information about account types, see Configuring the Account Type.
Privileges Required
To configure an account ID for an account type, you must ensure that you have the appropriate privileges and scope to update the user account. The MA can update any user account. The GAs can update all user accounts in their scope. The OAs and UAs can update the user accounts in their purview.
How to Create Account IDs
To create an account ID:
  1. Ensure that you are logged in with the required privileges and scope to update the administrator information.
  2. Activate the Users and Administrators tab.
  3. Under the Manage Users and Administrators section, click the Search Users and Administrators link to display the Search Users and Administrators page.
  4. Enter the partial or complete information of the administrator whose account you want to update and click Search.
    A list of administrators matching the search criteria appears.
  5. Click the <user name> link of the administrator whose account you want to edit.
    The Basic User Information page appears.
  6. Click Edit to open the Update Administrator page.
  7. Click Next to display the User Account page.
  8. Select the Account Type for which you want to add the account ID.
  9. Specify the unique AccountID in the text box.
    This combination of account type and account ID will be used to identify the user in addition to the user name.
  10. Select the Status of the user account from the drop-down list.
  11. If required, expand the Advanced Attributes section, and do the following:
    • Provide attributes for the account ID you are creating.
    You can specify up to a maximum of three account ID attributes for any account ID.
  12. Click Add to add the account ID.
How to Update Account IDs
You cannot change the account ID once it is created. You can only change the status of the user account and add or delete account ID attributes and custom attributes.
To update an account ID:
  1. Complete Step 1 through Step 7 in Create Account IDs to display the User Account page.
  2. Select the Account Type for which you want to update the account ID information.
  3. If required, change the Status of the user account from the drop-down list.
  4. If required, expand the Advanced Attributes section, and provide attributes for the account ID you are creating and custom attributes, if any.
  5. Click Update to save your changes.
How to Delete Account IDs
To delete an account ID:
  1. Complete Step 1 through Step 7 in Create Account IDs to display the User Account page.
  2. Select the Account Type for which you want to delete the account ID.
  3. Click Delete to delete the account ID.
How to Deactivate an Administrator Account
To prevent an administrator from logging in to their account for security reasons, you can deactivate the account instead of deleting it. If you deactivate an administrator, the administrator is locked out of their account, and cannot log in unless the account is reactivated.
To deactivate an administrative account:
  1. Ensure that you are logged in with the required privileges to deactivate the administrator.
  2. Activate the Users and Administrators tab.
  3. Under the Manage Users and Administrators section, click the Search Users and Administrators link to display the Search Users and Administrators page.
  4. Enter the partial or complete information of the administrator whose account you want to deactivate and click Search.
    You can also click the Advanced Search link to search for Current Users based on their status (active or inactive) or their roles (GA, OA, or UA).
    The Search Results page appears, with all the matches for the specified criteria.
  5. Select one or more administrators you want to deactivate.
  6. Click Deactivate to deactivate the selected administrator.
 
Privileges Required
To deactivate an administrator, you must ensure that you have the appropriate privileges and scope. The MA can deactivate any administrator, while GAs can deactivate all administrators (including other GAs) in their scope, except the MA account. The OAs can deactivate all other OAs and the UAs in their purview, while UAs can only deactivate their peers within their scope.
How to Temporarily Deactivate an Administrator
Temporarily deactivating the administrator differs from deactivating the administrator (see How to Deactivate an Administrator). When you temporarily deactivate the administrator, the administrator is automatically activated when the end of the lock period is reached. But when you deactivate an administrator, you must manually activate them again whenever you want to provide access to them.
To temporarily deactivate an administrator, you must specify the Start Lock Date and End Lock Date for the period that you want the administrator to be locked. When the End Lock Date is reached, the administrator is automatically activated.
To temporarily deactivate an administrator:
  1. Ensure that you are logged in with the required privileges to deactivate the administrator.
  2. Activate the Users and Administrators tab.
  3. Under the Manage Users and Administrators section, click the Search Users and Administrators link to display the Search Users and Administrators page.
  4. Enter the partial or complete information of the administrator whose account you want to deactivate and click Search.
    You can also click the Advanced Search link to search for Current Users based on their status (active or inactive) or their roles (GA, OA, or UA).
    The Search Results page appears, with all the matches for the specified criteria.
  5. Select one or more administrators you want to deactivate temporarily.
  6. Click Deactivate Temporarily.
    The Deactivate User Temporarily dialog box appears.
  7. In the Starting From section, select the start lock Date and the Time.
  8. In the To section, select the end lock Date and the Time.
  9. Click Save to save your changes.
    If you do not specify any value for the Starting From fields, the account is locked from the current time. If you do not specify an end lock Date, the account is locked forever.
 
Privileges Required
To temporarily deactivate an administrator, you must ensure that you have the appropriate privileges and scope. The MA can deactivate any administrator, while GAs can deactivate all administrators (including other GAs) in their scope, except the MA account. The OAs can deactivate all other OAs and the UAs in their purview, while UAs can only deactivate their peers within their scope.
How to Activate an Administrator Account
You might need to activate a deactivated administrator. For example, you might deactivate an administrator if the administrator is on long vacation. This helps prevent unauthorized access to that administrator information.
You cannot search directly for the deactivated administrators by specifying the search criteria and clicking the Search button on the Search Users and Administrators page. You must perform an Advanced Search for such administrators and use the Inactive option in the Current Users section to search.
To activate an administrator account:
  1. Ensure that you are logged in with the required privileges to activate the administrator.
  2. Activate the Users and Administrators tab.
  3. Under the Manage Users and Administrators section, click the Search Users and Administrators link to display the Search Users and Administrators page.
  4. Click the Advanced Search link to search for Current Users based on their status (active or inactive).
    The Advanced Search page appears.
  5. Enter the partial or complete information of the administrator in the User Details section.
  6. In the User Status section, for Current Users, select the Inactive and Initial options to search for all inactive or initial administrators.
  7. Click Search to display the list of all administrators matching the search criteria.
  8. Select the administrators you want to activate.
  9. Click Activate to activate the administrator.
 
Privileges Required
To activate an administrator, you must ensure that you have the appropriate privileges and scope. The MA can activate any administrator, while the GAs can activate all administrators (including other GAs) in their scope, except the MA. The OAs can activate all other OAs and UAs in their purview, while the UAs can only activate their peers within their scope.
How to Delete an Administrator Account
Administrator information in RA includes personal information (first name, middle name, last name, email address, and telephone number), credentials, and accounts. When you delete an administrator from Administration Console, the credential and account information must also be deleted along with the personal information. RA supports the cascaded user deletion feature by which all credential, account, and risk-related information for an administrator is also deleted when the administrator is deleted.
If you create a new administrator with the same name as a previously deleted administrator, then the new administrator does not automatically assume the privileges of the previously deleted administrator. If you need to duplicate a deleted administrator, then you must manually re-create all privileges.
To delete an administrator account:
  1. Ensure that you are logged in with the required privileges to delete the administrator.
  2. Activate the Users and Administrators tab.
  3. Under the Manage Users and Administrators section, click the Search Users and Administrators link to display the Search Users and Administrators page.
  4. Enter the partial or complete information of the administrator you want to delete and click Search.
    You can also click the Advanced Search link to search for Current Users based on their status (active, inactive, or initial) or their roles (GA, OA, or UA).
    The Search Results page appears, with all the matches for the specified criteria.
  5. Select one or more administrators you want to delete.
  6. Click Delete.
    Even though you have deleted the administrator, their account information is still maintained in the database.
Privileges Required
To delete an administrator, you must ensure that you have the appropriate privileges and scope. The MA can delete any administrator, while the GAs can delete all administrators (including other GAs) in their scope, except the MA account. The OAs can delete all other OAs and UAs in their purview. However, the UAs cannot delete their peers within their scope.
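
The Privileges Required rules for creating, updating, activating, deactivating, and deleting administrators, modelled as an added example (not code from RA or from this page) that audits a list of administrative actions against those rules. The Admin record, the ALL_ORGS marker, the event tuples, and the sample accounts are constructed for illustration. Assumptions: only the default roles are covered (no Custom Roles), a UA creating accounts is treated as denied because the page lists no such case, and "in scope" is read as "the actor manages the organization the target belongs to".

```python
from dataclasses import dataclass

ALL_ORGS = "*"  # constructed marker for the "All Organizations" option
BELOW_MA = frozenset({"GA", "OA", "UA"})
PEER_ACTIONS = {"update", "activate", "deactivate"}  # what UAs may do to peers


@dataclass(frozen=True)
class Admin:  # hypothetical record, not an RA data structure
    role: str            # default roles only: MA, GA, OA, UA
    org: str             # organization the account belongs to
    manages: frozenset   # organizations in the account's scope


def target_roles(actor_role, action):
    """Roles that actor_role may act on for this action, per the page."""
    if actor_role == "MA":
        # The MA acts on any administrator and creates "all other types".
        return BELOW_MA if action == "create" else BELOW_MA | {"MA"}
    if actor_role == "GA":
        return BELOW_MA                     # everything except the MA account
    if actor_role == "OA":
        return frozenset({"OA", "UA"})
    if actor_role == "UA" and action in PEER_ACTIONS:
        return frozenset({"UA"})            # peers only
    # UA delete is denied by the page; UA create is denied by assumption.
    return frozenset()


def in_scope(actor, action, target):
    if actor.role == "MA" or ALL_ORGS in actor.manages:
        return True
    if action == "create":
        # A new account may have the same or lesser scope than its creator.
        return ALL_ORGS not in target.manages and target.manages <= actor.manages
    # Assumption: the actor must manage the organization the target belongs to.
    return target.org in actor.manages


def check(actor, action, target):
    """Return None if allowed, else 'role' or 'scope' for the rule that fails."""
    if target.role not in target_roles(actor.role, action):
        return "role"
    return None if in_scope(actor, action, target) else "scope"


def audit(events, admins):
    """List (actor, action, target, reason) for each event the rules forbid."""
    findings = []
    for actor, action, target in events:
        reason = check(admins[actor], action, admins[target])
        if reason:
            findings.append((actor, action, target, reason))
    return findings


# Constructed sample accounts and events (not taken from any real deployment).
fs = frozenset
ADMINS = {
    "master":  Admin("MA", "DEFAULT", fs({ALL_ORGS})),
    "ga_east": Admin("GA", "ACME", fs({"ACME", "EAST"})),
    "oa_east": Admin("OA", "EAST", fs({"EAST"})),
    "oa_wide": Admin("OA", "EAST", fs({"EAST", "WEST"})),
    "oa_west": Admin("OA", "WEST", fs({"WEST"})),
    "ua_east": Admin("UA", "EAST", fs({"EAST"})),
    "ua_peer": Admin("UA", "EAST", fs({"EAST"})),
}
EVENTS = [
    ("ga_east", "update", "master"),       # GA may not touch the MA account
    ("ga_east", "deactivate", "oa_west"),  # WEST is outside ga_east's scope
    ("oa_east", "create", "ua_east"),      # allowed
    ("oa_east", "create", "oa_wide"),      # new scope wider than the creator's
    ("ua_east", "update", "ua_peer"),      # allowed: peer within scope
    ("ua_east", "delete", "ua_peer"),      # UAs cannot delete peers
    ("master", "delete", "ga_east"),       # allowed
]

if __name__ == "__main__":
    for finding in audit(EVENTS, ADMINS):
        print(finding)
```

The same table-driven check can be run over an export of administrator accounts to find scopes wider than the account that granted them.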