If you have a reason to assign different policies, labels, configurations, or apps to a group such as help desk workers or executive staff, then you have a reason to create a device space for that group and assign an administrator or group of administrators to manage the devices and users in that device space.
When you design a Ivanti EPMM system that uses delegated administration, there are questions you need to answer about your Ivanti EPMM system. The first task is to decide how you want to divide your system into device spaces. For example, you could create a device space for:
- Help desk groups in your company (Help Desk France, Help Desk Germany).
- Business units (West Coast Sales, HQ Finance).
- Countries where your company has offices (England Office, Holland Office).
Your Ivanti EPMM system can support any combination of these device space types and more.
After you decide what device spaces to create, plan what tasks the administrators assigned to each device space will perform. For example:
- Do you want to give administrators in the Toronto office the ability to view the devices and users assigned to that office, or should they be able to perform additional tasks, such as wiping all corporate apps from the devices they manage?
- Do you want to give your front-line help desk workers in Texas the ability to view application details for their callers' devices?
- Should administrators in the Sydney office be able to assign labels and policies to the devices they manage?
- Should administrators in the Sydney office be able to add a set of their Apps and Configurations, and distribute it to the devices they manage?
Once you answer these and other questions about your Ivanti EPMM system, study the available roles and permissions presented in “Administrator roles” in Getting Started with Ivanti EPMM to determine which roles to assign each group of administrators in each device space.
Using roles, you can create administrative tiers within a device space. Suppose you set up device spaces for different countries (for example, the United States, Germany and France). You could then create two help desk administrator groups for each device space, one for front-line workers, who have minimal permissions and one for back-line workers, who have additional permissions. To this scenario, you could also add the ability for a local administrator to assign policies and configurations. You can also assign the distribute apps role to the space administrators.
You need to think about the reasons why you would segment your user population. These needs will guide how you set up your device spaces.
Before setting up delegated administration in your Ivanti EPMM system, assess your needs for labels. This is true if you are setting up a new installation or if you are adapting an existing installation.