Roles (4271353)

This article covers the following topics:

• About roles
• Creating roles
• Adding users to roles manually
• Adding users to roles automatically using mappings
• Delegating role management

About Roles

The most efficient way to control your users' access to apps is through OneLogin roles.

A role in OneLogin is simply a collection of apps. You create a role, assign apps to it, and when you assign users to the role, you grant them access to all of the apps included in the role. This gives you the ability to give or take away a user's access to multiple apps at one stroke.

You should design your roles to reflect groups of users who tend to use the same set of apps. Typically this means creating roles by job function or department (Sales, Finance, Engineering, etc).

Note that you can add any given app to multiple roles.

Some additional best practices include:

• Create an Employees role for apps that are shared by all employees in your organization.
• Create default on-boarding and off-boarding roles to give users access to the apps they might need before they start on Day One and after they leave employment (typically HR apps).
• Only create a role if more than one user will be added to it.

Roles are useful not just for efficient assignment of users to apps. You can also use them to make OneLogin administration easier:

• Filter by role when you search for users.

• Filter by role when you perform bulk user updates.

• Filter by role when you invite users to use OneLogin.

• Use roles in conditions and actions when you create Mappings and Notifications.

• View