Admins
The Adminstab lets you create, delete, reset password, and manage 2-Step Verification for administrators to manage the Access portal. It also lets you activate and deactivate (enable or disable) the administrators.
The Reset Password and 2-Step verification is not available with Ivanti Access and Ivanti Neurons for MDM portal.
Admins added in the Ivanti Access tab will not have any Cloud role. They will only see the Ivanti Access tab. Admins added in the Ivanti Neurons for MDM tab may have Ivanti Access roles as well as Cloud roles depending on what they are assigned.
Figure 1. admins tab
An administrator can perform tasks such as reset password, create Federated Pairs, create rules with conditional policies, and so on based on his role. These tasks are grouped as Configuration, Self Service, User Management, and viewing Analytics and Dashboard only tasks.
|
Dashboard and Reports |
Configuration |
User Management |
|
Viewing Dashboard and Reports only. |
•Create a new profile •Create, Edit, and Delete federated pairs •Create, Edit, and Delete conditional access policies •Configure split tunneling •Manage branding •Manage certificates |
•Create admin •Delete admin •Reset admin (not Applicable for Access Ivanti Neurons for MDM portal) •Enable and Disable administrators •Change administrator role •Disable 2-Step Verification (not Applicable for Access Ivanti Neurons for MDM portal) |
The administrator task details are provided in the following table:
|
Role |
Tasks based on Roles |
|
|
Root Admin |
A Root Admin is created by the tenant provisioning process. A Root Admin has all the permissions and can perform all the tasks as mentioned in the above table. The Root Admin cannot be disabled or deleted. |
|
|
Super Admin |
A Super Admin can perform Read-only, Configuration, and User Management tasks. A Super Admin can delete all other admins, except Root Admin. |
|
|
Admin |
An Admin can perform Read-only and Configuration tasks. An Admin cannot delete any other admins. |
|
|
Read-only Admin |
A Read-only Admin can perform Read-only tasks only. A read-only Admin cannot delete any other admins. |
|
Adding an administrator
A Root Admin and a Super Admin can add multiple role-based administrators.
When adding an Admin, do not use ivanti.com as the domain.
Before you begin
•Verify that you have understood the various Admin Roles available in Ivanti Access. See Admins.
•Verify that you have the correct password to authorize the Admin creation.
Procedure
| 1. | Navigate to Settings > Admins and click + Add Admin. |
The Add New Admin window opens.
| 2. | In the Admin details panel, enter the following information in appropriate fields: |
| - | First name |
| - | Last name |
| - |
| - | Display name |
| 3. | In the Admin Roles panel, select one of the following roles for the administrator: |
| - | Super Admin |
| - | Admin |
| - | Read-only Admin |
| 4. | Click Save. |
The new Admin is created.
Deleting an administrator
You can delete an admin based on your role.
•A Root Admin cannot be deleted.
•A Root Admin can delete other administrators.
•A Super Admin can delete all other administrators, except administrators with Root Admin role.
•The Admin and Read-only Admin cannot delete any administrators.
•The Admin role cannot delete their own account.
Before you begin
•Verify that you have understood the various Admin Roles available in Access. See Admins.
•Verify that you have the correct password to authorize the Admin deletion.
Procedure
| 1. | Navigate to Settings > Admins. All the available administrators are displayed. |
| 2. | Click  in the Actions column of the admin you wish to delete. |
| 3. | The admin is deleted successfully. |
You must always provide your login password to manage the administrators created.
Resetting password for an Access administrator
Resetting the password for an Ivanti Access administrator is not applicable for Ivanti Access and Ivanti Neurons for MDM portal.
Administrators can reset the password of another administrator based on their role. The Audit log captures who reset the password. Self-reset password is not allowed as ‘Change Password’ is the specified option. Password reset is not allowed on a deactivated account.
The permission matrix for the roles to reset the password is as below:
|
Performs Action |
Root Admin |
Super Admin |
Admin |
Read-only Admin |
|
Root Admin |
x |
yes |
yes |
yes |
|
Super Admin |
yes |
yes |
yes |
yes |
|
Admin |
x |
x |
x |
x |
|
Read-only Admin |
x |
x |
x |
x |
Before you begin
•Verify that you have understood the various Admin Roles available in Ivanti Access. See Admins.
•Verify that you have the correct password to authorize the password reset.
Procedure
| 1. | Navigate to Settings > Admins. All the available administrators are displayed. |
| 2. | Click  in the Actions column for the administrator you wish to reset the password.The password is reset and the affected administrator is emailed with the details to reset the password. |