Administrative Roles for the Cloud Administration Console

Document created by RSA Information Design and Development Employee on Jul 14, 2016Last modified by RSA Information Design and Development Employee on Jul 27, 2020
Version 50Show Document
  • View in full screen mode
  
 

Administrative roles control what you can view and manage in the Cloud Administration Console for the Cloud Authentication Service. For example, roles affect the management of identity routers, access policies, and user authenticators. Each administrator is assigned an administrative role with specific privileges. The Cloud Administration Console supports two administrative roles:

  • Super Admin

  • Help Desk Admin

Super Admin

Super Admins have unrestricted privileges in the Cloud Administration Console, including the ability to add or edit other administrators. Super Admins are responsible for setting up RSA SecurID Access for the first time, then maintaining, updating, and troubleshooting the deployment as necessary.

RSA creates one initial Super Admin account in the Cloud Administration Console and provides the associated username and password in an email message. Use this account to add new administrators. RSA recommends that you add multiple Super Admins so that if one Super Admin account needs a password reset, another Super Admin can access the account and change the password.

Note:  Super Admins for the Cloud Administration Console can manage identity routers and settings in the Cloud Authentication Service. Settings in RSA Authentication Manager can be managed only by administrators with assigned roles in Authentication Manager. For example, identity routers that are embedded in Authentication Manager 8.5 or later can only be downloaded, installed, and deleted from the Security Console by administrators with appropriate roles in Authentication Manager.

To change an administrator's role, see Edit Administrator Settings on the Cloud Administration Console.

 

Help Desk Administrators

Help Desk Admins assist users who authenticate with the Cloud Authentication Service. Help Desk Admins can perform the following actions in the Cloud Administration Console.
                                                               
Help Desk TaskReference
View the dashboard. Cloud Administration Console Dashboard
View user information.View User Information

Delete users' registered authenticators (Authenticate devices, FIDO authenticators, known browsers)

Delete a User's Authenticator
Generate device registration codes for Authenticate users.Generate a Device Registration Code
Run reports on the Users > Reports page.Run User Reports

Unlock RSA SecurID Authenticate Tokencode, SMS Tokencodes, and Voice Tokencodes for users.

Unlock a User's SMS, Voice, and Authenticate Tokencodes
Generate Emergency Tokencodes for users.Provide a User with an Emergency Tokencode

View, add, modify, and delete user phone numbers for SMS Tokencode and Voice Tokencode.

Manage User Phone Numbers

Use the User Event Monitor to troubleshoot user issues.

Monitor User Events in the Cloud Administration Console

Synchronize individual users with identity sources.

Synchronize One User

Reset their own passwords, but not reset passwords for other Help Desk Admins or Super Admins.

Change Your Account Name and Password in the Cloud Administration Console

Enable or disable user accounts for non-administrative users and Help Desk Admins, but not for Super Admins.

Enable or Disable a User
Undelete users who are pending deletion.

Undelete a User Who is Pending Deletion

Undelete Users Who Are Pending Deletion - Bulk Maintenance

 

 

 

 

You are here
Table of Contents > Administrators > Administrative Roles for the Cloud Administration Console

Attachments

    Outcomes