Admins

The Adminstab lets you create, delete, reset password, and manage 2-Step Verification for administrators to manage the Access portal. It also lets you activate and deactivate (enable or disable) the administrators.

The Reset Password and 2-Step verification is not available with Ivanti Access and Ivanti Neurons for MDM portal.

Admins added in the Ivanti Access tab will not have any Cloud role. They will only see the Ivanti Access tab. Admins added in the Ivanti Neurons for MDM tab may have Ivanti Access roles as well as Cloud roles depending on what they are assigned.

Figure 1. admins tab

An administrator can perform tasks such as reset password, create Federated Pairs, create rules with conditional policies, and so on based on his role. These tasks are grouped as Configuration, Self Service, User Management, and viewing Analytics and Dashboard only tasks.

Table 33.  administrator task details

Dashboard and Reports

Configuration

User Management

Viewing Dashboard and Reports only.

Create a new profile

Create, Edit, and Delete federated pairs

Create, Edit, and Delete conditional access policies

Configure split tunneling

Manage branding

Manage certificates

Create admin

Delete admin

Reset admin (not Applicable for Access Ivanti Neurons for MDM portal)

Enable and Disable administrators

Change administrator role

Disable 2-Step Verification (not Applicable for Access Ivanti Neurons for MDM portal)

The administrator task details are provided in the following table:

Table 34.  administrator roles

Role

Tasks based on Roles

Root Admin

A Root Admin is created by the tenant provisioning process. A Root Admin has all the permissions and can perform all the tasks as mentioned in the above table. The Root Admin cannot be disabled or deleted.

Super Admin

A Super Admin can perform Read-only, Configuration, and User Management tasks.

A Super Admin can delete all other admins, except Root Admin.

Admin

An Admin can perform Read-only and Configuration tasks.

An Admin cannot delete any other admins.

Read-only Admin

A Read-only Admin can perform Read-only tasks only.

A read-only Admin cannot delete any other admins.

Adding an administrator

A Root Admin and a Super Admin can add multiple role-based administrators.

When adding an Admin, do not use ivanti.com as the domain.

Before you begin 

Verify that you have understood the various Admin Roles available in Ivanti Access. See Admins.

Verify that you have the correct password to authorize the Admin creation.

Procedure 

1. Navigate to Settings > Admins and click + Add Admin.

The Add New Admin window opens.

2. In the Admin details panel, enter the following information in appropriate fields:
- First name
- Last name
- Email
- Display name
3. In the Admin Roles panel, select one of the following roles for the administrator:
- Super Admin
- Admin
- Read-only Admin
4. Click Save.

The new Admin is created.

Deleting an administrator

You can delete an admin based on your role.

A Root Admin cannot be deleted.

A Root Admin can delete other administrators.

A Super Admin can delete all other administrators, except administrators with Root Admin role.

The Admin and Read-only Admin cannot delete any administrators.

The Admin role cannot delete their own account.

Before you begin 

Verify that you have understood the various Admin Roles available in Access. See Admins.

Verify that you have the correct password to authorize the Admin deletion.

Procedure 

1. Navigate to Settings > Admins.
All the available administrators are displayed.
2. Click in the Actions column of the admin you wish to delete.
3. The admin is deleted successfully.

You must always provide your login password to manage the administrators created.

Resetting password for an Access administrator

Resetting the password for an Ivanti Access administrator is not applicable for Ivanti Access and Ivanti Neurons for MDM portal.

Administrators can reset the password of another administrator based on their role. The Audit log captures who reset the password. Self-reset password is not allowed as ‘Change Password’ is the specified option. Password reset is not allowed on a deactivated account.

The permission matrix for the roles to reset the password is as below:

Table 35.   Permission matrix

Performs Action

Root Admin

Super Admin

Admin

Read-only Admin

Root Admin

x

yes

yes

yes

Super Admin

yes

yes

yes

yes

Admin

x

x

x

x

Read-only Admin

x

x

x

x

Before you begin 

Verify that you have understood the various Admin Roles available in Ivanti Access. See Admins.

Verify that you have the correct password to authorize the password reset.

Procedure 

1. Navigate to Settings > Admins.
All the available administrators are displayed.
2. Click in the Actions column for the administrator you wish to reset the password.
The password is reset and the affected administrator is emailed with the details to reset the password.