OneLogin has seven types of users, which have different sets of privileges. Owner and Super User have all of the privileges of the types listed above it. Otherwise, you must assign privileges separately (for example, User Managers does not include the Assume User privilege; you must assign the latter separately).
- User - can only access the dashboard
- Assume User - can assume users but cannot alter functionality
- App Credential Manager - User can control which application login credentials will be shared amongst users.
- Group Manager - can manage all the users in the groups it's an admin of
- User Manager - can manage all the users
- Super User - has access to all functionality, except encryption policy
- Owner - has access to all functionality
OneLogin also has two user privileges related to handling subscriptions and sub-accounts.
- Manage Subscriptions - Can only manage the subscription and pricing level of the account.
- Manage Accounts - Can manage sub-accounts of master reseller account.
Note: that the Manage accounts privilege is only used by resellers of OneLogin
For more information on user privileges, see Privileges.
Users are employees or contractors who use applications and have no administrative privileges. All users can add personal applications though, if the account allows it.
Groups are used to delegate administration of users. For example, someone in sales may be responsible for managing access to sales-related applications. To enable someone to be a group admin, under the User Profile select Privileges and select the Manage Groups permission. To add more than one group management just add a second privilege.
If you want a group admin to be able to assume users, you must give them Assume Users permissions separately.
User admins are able to manage all users, which might include managing application access. To enable someone to be a user admin, under the User Profile select Privileges and select the Manage Users permission. If you want a user manager to be able to assume users, you must give them Assume Users permissions separately.
Admins (Super Users)
Admins have full access to all the administrative functionality except billing and changing the encryption policy, which only the owner can do. To enable someone to be an admin, under the User Profile select Privileges and select the Super User permission.
The account owner is responsible for the OneLogin account and is also the billing contact by default.
Every user in OneLogin is automatically assigned an OpenID issued by OneLogin. The advantage of using OneLogin's OpenID as opposed to a one issued by a third party is that the employer has full control over the employee's OpenID identity and can withdraw it at any time.
Users can add personal apps if the administrator allows it. Personal apps are only visible to the users themselves. The audit trail does not log any activity for personal apps and admins are not able to see personal apps on users' dashboards when they assume them.