This is not the latest version of Identity Director documentation. View available documentation.
Manage access to the Management Portal
The local administrator account is a default account (admin) with a hard-coded password (unsecured). We recommend that you disable this account after you have added at least one group under Groups with Management Portal Access and you are logged in to the Management Portal with an account that is a member of that group.
To manage access to the Identity Broker Management Portal, go to the Settings tab of the portal:
- You can add Groups with Management Portal Access by using the following formats:
  - For Active Directory groups: <Domain>\<GroupName>
    Example: MYCOMPANY\IB Admins
  - For Azure Active Directory groups: <GroupName>
    Example: IB Admins
  Make sure the Active Directory groups you use exist in your domain and contain only users who need to access the Management Portal. Built-in administrator groups should not be used directly, as Windows may not allow these groups to be resolved in all scenarios.
  Example:
  - Built-in group MYCOMPANY\Administrators should not be used.
  - Built-in group MYCOMPANY\Administrators can be made a member of MYCOMPANY\IB Admins from the example above.
  Because Identity Broker has no direct connection to (Azure) Active Directory, groups cannot be validated when you add them.
- You can Remove groups as long as you are a member of at least one of the remaining groups.
  Example:
  - Configured Groups with Management Portal Access:
    - MYCOMPANY\IB Admins
    - MYCOMPANY\IT
    - MYCOMPANY\Support
  - You are a member of MYCOMPANY\IT and MYCOMPANY\Support.
  In this example:
  - You can remove MYCOMPANY\IB Admins and MYCOMPANY\IT, because you are a member of MYCOMPANY\Support.
  - You can remove MYCOMPANY\IB Admins and MYCOMPANY\Support, because you are a member of MYCOMPANY\IT.
  - You cannot remove MYCOMPANY\IT and MYCOMPANY\Support, because you are not a member of MYCOMPANY\IB Admins.
  This example applies to Active Directory groups. When working with Azure Active Directory groups, you should only use <GroupName>.
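Because the portal cannot validate an Active Directory group entry when you add it, you can check the entry yourself before disabling the local administrator account. The script below is an added example, not part of the product or its documentation. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the parameter names and the use of the BUILTIN SID prefix to recognise a built-in group are choices made for this example.

```powershell
# Added example: pre-flight check for a <Domain>\<GroupName> entry before it is
# typed into "Groups with Management Portal Access".
param(
    [Parameter(Mandatory)]
    [string]$GroupEntry,                 # e.g. 'MYCOMPANY\IB Admins'
    [string]$Operator = $env:USERNAME    # sAMAccountName you will sign in to the portal with
)

Import-Module ActiveDirectory -ErrorAction Stop

# Split on the first backslash only, so the group name may contain spaces.
$domain, $name = $GroupEntry -split '\\', 2
if (-not $domain -or -not $name) {
    throw "Expected <Domain>\<GroupName>, got '$GroupEntry'."
}

# 1. The group must exist in the domain (the portal will not tell you if it does not).
try {
    $group = Get-ADGroup -Identity $name -Server $domain -ErrorAction Stop
} catch {
    throw "Group '$GroupEntry' could not be resolved: $($_.Exception.Message)"
}

# 2. Built-in groups (SIDs under S-1-5-32, such as Administrators) should not be
#    entered directly; nest them in a dedicated group instead.
if ($group.SID.Value -like 'S-1-5-32-*') {
    Write-Warning "'$GroupEntry' is a built-in group. Make it a member of a dedicated group and add that group instead."
}

# 3. List the effective members, including those inherited through nested groups,
#    so you can confirm that only users who need portal access are present.
$members = @(Get-ADGroupMember -Identity $group -Recursive -Server $domain)
$members |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, objectClass, distinguishedName

# 4. Confirm the account you will sign in with is covered before the local
#    administrator account is disabled.
if ($members.SamAccountName -notcontains $Operator) {
    Write-Warning "'$Operator' is not an effective member of '$GroupEntry'. Keep the local administrator account enabled until this is resolved."
}
```

The same membership check is worth repeating for each remaining group before you remove a group from the list.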