About the Identity Administrator Role
The identity administrator role in Virtru systems gives the granted user the permissions to make changes to the organization’s authentication settings, which currently means editing SSO configurations and IP whitelist configurations. This role should only be given to any user who would be expected to have the power to make changes to an organization’s SSO settings.
By default, all organization administrators have the identity administrator role and can grant the role to other users. Conversely, though, having the identity administrator role does not give a user the ability to grant other users the identity administrator role. Thus, do not grant the organization administrator role to any user who should not also be an identity administrator.
The identity administrator has the ability to make changes to the SSO configuration that can prevent other users from logging into Virtru services, including the Control Center where the SSO configuration itself is configured!
Granting the Identity Administrator Role
- Log in to the Virtru Control Center using a Virtru Administrator account for the target organization domain using whatever method is enabled for the organization (if SSO has not yet been enabled, use federated OAuth, if SSO has been enabled, use SSO)
- Click on the “Users & Groups” navigation item
- Click on the target user in the list you wish to grant the identity administrator role to. If the desired user is not visible in the list, search for them using the search bar first.
- In the resulting modal, click on the toggle switch next to “Identity Administrator”. Reminder: Organization administrators already have the identity administrator role by default.
- The target user now has the identity administrator role