Need to know what privileges and access rights are needed for the RSA Administrator account to collect and manage Identities, Licenses, and other O365 entitlements in RSA Via L&G? I have read through the Connector and Collector sheets provided by RSA, but that is clear as mud.
So basically the role assignment is either Global Admin or User Management? Since RSA is incorporating the PowerShell environment, what access permissions will the RSA Admin account require in the Powershell server?
Larry Carter, Information Security Architect, Enterprise Security
office: 919.765.3157 | mobile: 919.656.5605 | larry.carter@bcbsnc.com<mailto:joe.sinsangkeo@bcbsnc.com>
RSA Admin account does not need those rights, it is not used to connect to the endpoint.
It is the account that is collecting or provisioning needs those permissions. In other words the account that will run the powershell scripts would need such permissions. When you are configuring the collector or the connector, there is a configuration for UserName who is the administrator on which PowerShell SSH server is installed. That user needs to have those permissions.
Normally a User Management Admin role should suffice but it has itls limitations, it all depends what are the user populations that you need to work with. A Global Admin role will be a safer bet.
For more details, refer to the following:
Permissions in Office 365 - Office 365