Skip to main content

Role-Based Access Control

Overview#

eGuardian has several defined roles to help you manage access within the User Dashboard. By default, eGuardian provides the following roles:

User#

A user is the lowest level allowed to log in to the dashboard. They can see and manage their own information:

The user role is automatically assigned to all users in the system--no additional action is required.

Help Desk#

In addition to the privileges of a normal user, a user with help desk access can view the organization's IdP settings and general information. They can view Audit Logs for members of the organization and manage the following:

  • Manage secondary email addresses
  • Update mobile phone number
  • Lock the user
  • Unpair devices and workstations
  • Revoke workstations

This role can be granted or revoked via the Object Management API or by SecureAuth personnel.

Organization Admin#

An organization admin is the highest level of access within an organization. They can do everything a help desk user can plus the following:

  • Edit organization settings
    • IdP Configuration
    • User Directory Configuration
    • Add or remove organization administrators
    • Manage organization domains
  • Manage policies
  • Manage applications
  • Add and assign certificates
  • Manually confirm members' email addresses and mobile phone numbers
  • Unlock member users

An organization admin can add another user as an organization admin from the Organization Settings page. Additionally, the role can be granted or revoked via the API or SecureAuth personnel.