Create and Manage Roles

Roles control the operations that a user can perform in their Instant ID as a Service account. A role defines a list of system entities and the permissions for those entities.

There are six system-defined roles. Administrators can also create custom roles. Changes to a role take effect the next time the user logs in. System-defined roles cannot be changed.

System-defined roles include:

  • Auditor: This role gives view-only access to the features available on the administrator portal. It has the Manage All Roles permission setting enabled by default. This setting allows administrators with this role to manage all user and role settings. This includes being able to assign a role to a user.
  • Super Administrator: This role provides full access to the features available on the administrator portal. It has the Manage All Roles setting enabled by default.
  • Help Desk Administrator: The Help Desk Administrator role can manage other user accounts with the Auditor and Help Desk Administrator roles and those without a role (end users). They cannot manage users with Super Administrator or custom roles. The Manage All Roles setting cannot be modified for this role.
  • SIEM Add-on: This role provides full access to all SIEM management functions in view-only mode.
  • Issuance Administrator: Manages printers, print jobs, and Issuance administration.
  • Issuance Operator: Creates an Issuance API application that is used to issue print jobs.

For additional information, refer to the How to Configure Groups, Roles, Users and Authenticators - Instant IDaaS video tutorial.

Note: MSPs with Super Administrator and Issuance Administrator roles can access new notifications containing links to release notes for every Instant ID as a Service release.

Create a Custom Role

  1. Select Main Menu > Members > Roles. The Roles List page opens.
  2. Click Add. The Add Role page appears.
  3. Enter a Name for your custom role.
  4. Enter a Description for your custom role.
  5. Choose one of the following options:
    • Select Manage All Roles to allow those assigned this role to manage all users. Or:
    • Do not select Manage All Roles and from the Select Roles to Manage drop-down list, select the roles that you want the users assigned this role to manage.

      When you select a role, it appears in the Administrator is allowed to manage these roles list. To add more roles, select the next role from the drop-down list.

  6. Select the System Entities and permissions for the custom role.

    The system entities define the functionality the role can access. For example, if you create a custom role called Marketing and want only users with the Marketing role to have access to the Theme page, set the Account Branding Customization system entity to All so that users with the Marketing role can access and edit the Theme page.

  7. Click Add to create the role.

Clone a Role

You can create a copy of an existing role.

  1. Select Main Menu > Members > Roles. The Roles List page appears.
  2. Click Clone next to the role you want to clone.
  3. Click Add. The Add Role page appears. By default, Copy is appended to the name of the role you are cloning.
  4. Change the role Name, as required.
  5. Edit the role Description, as required.
  6. Choose one of the following options:
    • Select Manage All Roles to allow those assigned this role to manage all users.

      or

    • Do not select Manage All Roles. From the Select Roles to Manage drop-down list, select the roles that you want the users assigned this role to manage. For example, if you want to create a custom role called Super Auditor that allows the role to manage all users assigned the Auditor role, select Auditor from the drop-down list.

    Note: You can select more than one role to manage.

  7. Edit the System Entities, as required.

    System entities define the functionality the role can access. For example, if you create a custom role called "Marketing" and want only users with the Marketing role to have access to the Theme page, set the Account Branding Customization system entity to All so that users with the Marketing role can access and edit the Theme page.

  8. Click Add.

Edit a Custom Role

  1. Click Main Menu > Members > Roles. The Roles List page appears.
  2. Click the name of the custom role you want to edit. The Add Role page appears.
  3. Modify the settings as required.
  4. Click Add.

Delete a Custom Role

  1. Select Main Menu > Members > Roles. The Roles List page appears.
  2. Click next to the role you want to delete.
  3. Click Delete on the confirmation prompt.

System Entities

A system entity is the functionality available to the assigned role in Instant ID as a Service. Click the system entity for more details about its function.

  • Account and Authenticator Settings: Controls the settings of the different authenticators available on Entrust Adaptive Issuance Instant ID as a Service.
  • Account Branding Customization: Allows users to customize the appearance of their Entrust Adaptive Issuance Instant ID as a Service account and email templates.
  • Account Entitlement Status: Allows users to see the number of entitlements assigned to their account. Account entitlements define how many users can be created within an account.
  • Account Reports: Allows users to monitor their account activity. Users can generate reports on specific account metrics.
  • Application Template Management: Allows access to the configuration settings needed to add an application to your Instant ID as a Service account.
  • Applications Management: Allows users to configure their application accounts so that they are accessible after authenticating to Entrust Adaptive Issuance Instant ID as a Service.
  • Bulk Enrollments: Allows users to perform bulk import of enrollment records into Entrust Adaptive Issuance Instant ID as a Service.
  • Credential Design Management: Allows users to create and manage credential designs.
  • Enrollments: Allows users to manage enrollment records.
  • Export Reports: Allows users to export user, grid card, and audit reports.
  • Groups Management: Controls the groups available on an account. A group is a collection of users given access to applications based on the resource rules assigned to them.
  • Issue Credentials: Allows users to enroll applicants and issue credentials.
  • Printer Management: Allows you to manage printers (create, delete, update, and view printers).
  • Resource Rules Management: Controls the resource rules that define the application access restrictions.
  • Roles Management: Controls the level of access each user has to the features on their Entrust Adaptive Issuance Instant ID as a Service account.

    Note: Selecting the Roles Management system entity automatically enables the Manage All Roles setting.

  • Scheduled Task Management: Allows users to manage and schedule tasks.
  • Smart Card Management: Allows users to manage Smart Card Profiles.
  • User Attribute Management: Controls the information fields available in the user profile information.
  • User Management: This feature controls the user accounts listed in your Entrust Adaptive Issuance Instant ID as a Service account.
  • User Password Authenticator Management: Controls access to the password assigned to users.
  • User Role Management: Facilitates the assignment of a role to a user.
  • User Temporary Access Code Management: Provides access to view or create a temporary access code for a user. The temporary access code information can be seen except for the code itself (a character string). Accessing the code value requires a role with the User Temporary Access Code View Value.
  • User Token Authenticator Management: Allows users to control the hardware and soft token authenticators assigned to other users in their account.
  • Webhook Management: Allows Enterprise tenants to register and configure webhooks.
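
The following is an added example, not Entrust code and not a product API: a small Python model of the Manage All Roles / Select Roles to Manage rule and the Roles Management note above, used to review role definitions for least privilege. The Role fields, the END_USER marker, and the Role Delegate sample role are assumptions constructed for illustration.

```python
# Constructed model of role definitions. Field names are hypothetical and are
# not an Instant ID as a Service export format or API.
from dataclasses import dataclass, field

END_USER = None  # stands for a user with no role assigned

@dataclass
class Role:
    name: str
    manage_all_roles: bool = False
    manages: frozenset = frozenset()              # picks from "Select Roles to Manage"
    entities: dict = field(default_factory=dict)  # system entity -> permission

def effective_manage_all(role):
    # Per the note on this page, selecting Roles Management enables Manage All Roles.
    return role.manage_all_roles or "Roles Management" in role.entities

def can_manage(admin_role, target_role_name):
    """True if a holder of admin_role may manage a user whose role is target_role_name."""
    return effective_manage_all(admin_role) or target_role_name in admin_role.manages

def review(roles):
    """Return least-privilege findings as (role name, reason) tuples."""
    findings = []
    for r in roles:
        if "Roles Management" in r.entities and not r.manage_all_roles:
            findings.append((r.name, "Roles Management implies Manage All Roles"))
        elif r.manage_all_roles:
            findings.append((r.name, "Manage All Roles enabled"))
        if "User Role Management" in r.entities and effective_manage_all(r):
            findings.append((r.name, "assigns roles while managing all users"))
    return findings

# Constructed sample roles based on the descriptions on this page.
HELP_DESK = Role("Help Desk Administrator",
                 manages=frozenset({"Auditor", "Help Desk Administrator", END_USER}))
SUPER_AUDITOR = Role("Super Auditor", manages=frozenset({"Auditor"}))
MARKETING = Role("Marketing", entities={"Account Branding Customization": "All"})
# Hypothetical custom role: scoped to Auditor on paper, but the Roles Management
# entity widens it to every role.
DELEGATE = Role("Role Delegate", manages=frozenset({"Auditor"}),
                entities={"Roles Management": "All", "User Role Management": "All"})

if __name__ == "__main__":
    for name, reason in review([HELP_DESK, SUPER_AUDITOR, MARKETING, DELEGATE]):
        print(f"{name}: {reason}")
```
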