Administrative Roles in Provisioning

Provisioning includes the following predefined administrative roles, which you can customize.

  • Token Administrator. Imports and manages tokens, and assigns tokens to users.

  • Request Approver. Approves, updates, and rejects Self-Service provisioning requests including new user accounts, user group membership, and token requests.

  • Token Distributor. Manages token provisioning requests. Determines how to assign and deliver tokens to users.

For each predefined role, you can configure the permissions shown in the following table for each administrator.

General Permissions

Authentication Permissions

Self-Service Permissions

Manage Policies

Manage Security Questions

Manage Delegated Administration

Manage Users

Manage User Groups

Manage Reports

Manage SecurID Tokens

Manage User Groups

Manage User Authentication Attributes

Manage Authentication Agents

Manage Trusted Realms

Manage On-Demand Authentication

Provisioning Requests

You can limit the administrative scope of each role to a security domain and a identity source. You can also allow a provisioning administrator to delegate the role’s permissions to other administrators. For example, the Request Approver for a corporate division might want to delegate approval permissions to department-level administrators.

You can also assign provisioning permissions to any administrative role in Authentication Manager. Use the Security Console to configure administrative roles.