Administrative Roles for the Cloud Administration Console
Administrative roles control what you can view and manage in the Cloud Administration Console for Cloud Access Service (CAS). For example, roles affect the management of identity routers, access policies, and user authenticators. Each administrator is assigned an administrative role with specific privileges. The Cloud Administration Console supports two administrative roles:
Super Admin
Help Desk Admin
Super Admin
Super Admins have unrestricted privileges in the Cloud Administration Console, including the ability to add or edit other administrators. Super Admins are responsible for setting up RSA for the first time, then maintaining, updating, and troubleshooting the deployment as necessary.
RSA creates one initial Super Admin account in the Cloud Administration Console and provides the associated username and password in an email message. Use this account to add new administrators. RSA recommends that you add multiple Super Admins so that if one Super Admin account needs a password reset, another Super Admin can access the account and change the password.
Note: Super Admins for the Cloud Administration Console can manage identity routers and settings in CAS. Settings in Authentication Manager can be managed only by administrators with assigned roles in Authentication Manager. For example, identity routers that are embedded in AM 8.5 or later can only be downloaded, installed, and deleted from the Security Console by administrators with appropriate roles in AM.
To change an administrator's role, see Add, Edit, or Delete an Administrator in the Cloud Administration Console.
Help Desk Administrators
Help Desk Admins assist users who authenticate with CAS. Help Desk Admins can perform the following actions in the Cloud Administration Console.

| Help Desk Task | Reference |
|---|---|
| View the dashboard. | Cloud Administration Console Dashboard |
| View user information. | View User Information |
| Delete users' registered authenticators (Authenticate devices, FIDO authenticators, known browsers) | Delete a User's Authenticator |
| Generate device registration codes for Authenticate users. | Generate a Device Registration Code |
| Run reports on the Users > Reports page. | Run User Reports |
| Unlock SecurID Authenticate OTP, SMS Tokencodes, and Voice Tokencodes for users. | Unlock a User's SMS, Voice, and Authenticate Tokencodes |
| Generate Emergency Tokencodes for users. | Provide an Emergency Tokencode to a User |
| View, add, modify, and delete user phone numbers for SMS Tokencode and Voice Tokencode. | Manage User Phone Numbers |
| Use the User Event Monitor to troubleshoot user issues. | Monitor User Events in the Cloud Administration Console |
| Synchronize individual users with identity sources. | Synchronize One User |
| Reset their own passwords, but not reset passwords for other Help Desk Admins or Super Admins. | Change Your Account Name and Password in the Cloud Administration Console |
| Enable or disable user accounts for non-administrative users and Help Desk Admins, but not for Super Admins. | Enable or Disable a User |
| Undelete users who are pending deletion. | |