Administrative roles control what you can view and manage in the Cloud Administration Console for the Cloud Authentication Service. For example, roles affect the management of identity routers, access policies, and user devices. Each administrator is assigned an administrative role with specific privileges. The Cloud Administration Console supports two administrative roles:
- Super Admin
- Help Desk Admin
Note: Administrators for the Cloud Administration Console can manage identity routers and settings in the Cloud Authentication Service. These administrators can manage settings in RSA Authentication Manager only if they are added to Authentication Manager with administrative roles.
Super Admins have unrestricted privileges in the Cloud Administration Console, including the ability to add or edit other administrators. Super Admins are responsible for setting up RSA SecurID Access for the first time, then maintaining, updating, and troubleshooting the deployment as necessary.
RSA creates one initial Super Admin account in the Cloud Administration Console and provides the associated username and password in an email message. Use this account to add new administrators. RSA recommends that you add multiple Super Admins so that if one Super Admin account needs a password reset, another Super Admin can access the account and change the password.
Help Desk Administrators
Help Desk Admins assist users who authenticate with the Cloud Authentication Service. Help Desk Admins can perform the following actions in the Cloud Administration Console:
- View the dashboard.
- Update My Profile, including change own password.
- View and delete users' registered devices (Authenticate devices, FIDO Token, known browsers)
- Run reports on the Users > Reports page.
- Unlock RSA SecurID Authenticate Tokencode for users.
- View, add, modify, and delete user phone numbers for SMS Tokencode and Voice Tokencode.
- Use the User Event Monitor to troubleshoot user issues.
- Synchronize individual users with identity sources.
- Reset their own passwords, but not reset passwords for other Help Desk Admins or Super Admins.
- Enable or disable user accounts for non-administrative users and Help Desk Admins, but not for Super Admins.
- Undelete users who are pending deletion.