This article provides an overview of administrative privileges in OneLogin. The following topics are included.
Sign in to your OneLogin admin portal and go to Users > Users to select the user.
In User Info, go to Privileges and click Add Privilege.
Select the Privilege you want to give the user from the dropdown menu. You may also need to select an App, Group, or Role to give the user administrative access to. Click Continue.
Click Save User to commit your changes.
Granting and revoking privileges are logged as events. View these events by signing in to your OneLogin admin portal and going to Activity > Events.
In the -- any event -- dropdown menu, search for permission to filter for privilege-related events.
A list of all of your users who are currently assigned privileges can be found in your standard reports. You can view it by signing in to your OneLogin admin portal and going to Activity > Reports, then selecting Privileged users.
To download your report, click Download CSV in the upper-right corner.
Users with no other privileges assigned receive portal access with the following abilities:
This privilege grants access to almost all of the abilities of account owners, including all user management functionality and app integration configuration, and most account management functionality.
This is a powerful privilege that allows the user to perform almost all user management tasks, including the abilities to:
This privilege is an add-on to the Manage users privilege that lets the user view another user's account the way they would see it. When assuming a user's account, you can view the user's personal account settings in order to diagnose improper configurations and troubleshoot issues, but you cannot view passwords for a user's apps that use form-based authentication, nor can you sign in to their apps or view their secure notes. This privilege can be overridden for specific apps.
With this privilege, the user can view and assume any unprivileged user, but cannot edit settings or configurations for the assumed account. This privilege is useful for your support team to diagnose end user issues, especially when the support agent needs to click through to see an app for the end user.
This privilege provides your support team with a subset of the Manage users abilities, including:
It does not allow the user to add, delete, or edit user attributes.
This privilege allows the user to perform app management tasks for any given app after it's been installed by a Super user or account owner. To allow a user to manage multiple applications, reapply this privilege for each app.
This privilege allows the user to view all items in Devices and in OneLogin Desktop and make edits to them, including:
This privilege gives the user administrative abilities over a specific group, allowing them to perform all Manage users tasks for users within that group.
This privilege gives the user administrative abilities over a specific role, allowing them to:
This privilege does not provide the ability to add apps to a role or remove them, or to create or edit mappings that apply to the role.
This privilege allows the user to edit the credentials of an app that has Credentials are configured by admin and shared by all users enabled in its Parameters shared among users. Users with this privilege have the option to edit applications when viewing the user portal. When selected, all apps they do not have access to manage will be grayed out. The shared credential admin can then select an available application to update its stored username and password for all users.
This privilege allows the user to manage sub accounts.
A OneLogin reseller account is required for this privilege.
This privilege allows the user to manage the subscription and pricing level of your reseller account.
A OneLogin reseller account is required for this privilege.
© 2024 ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center