Adding roles for users
A role is a set of privileges that can be assigned to a user. It consists of a name and application rights, which are either Admin or Support. Each role can be additionally limited to particular applications.
Support users can view almost all application and user settings but can only make changes to a small subset related to user support. They also have access to the Audit log and Dashboard.
Actions allowed for Support users include:
- Removing MFA entries for users (forcing them to re-enroll)
- Removing users from applications (forcing them to re-enroll)
- Creating and deleting Opt-in users
- Creating Bypass codes for users
The Admin role, on the other hand, allows for full application control (within the scope of applications bound to the role) but is limited to Dashboard, Applications, and Audit Log views.
All roles can be assigned to "All Apps" both as Support and Admin.
The last notable role is Superadmin, who can view and configure every part of the Broker and all applications.