Add SaaS Security API Administrators

Create additional administrator accounts with specific privileges on SaaS Security API.
Initially, to create new administrator accounts on SaaS Security, log in as the administrator with the Super Admin role, which is the role assigned to the user specified in the order fulfillment email. With the Super Admin role, you can create additional administrator accounts, assign administrator roles, and create teams.
As an admin of a team, you can create other admin accounts with access to the SaaS applications assigned to your team but only a Super Admin role can create other Super Admin accounts. You do not need to create administrator accounts for end users who use the application to create or share content within each SaaS application.
With SaaS Security:
  • If you add an administrator with an email that
    already exists
    in Customer Support Portal (CSP), that administrator’s SaaS Security account will be linked to the administrator’s CSP account.
  • If you add an administrator with an email that
    does not exist
    in CSP, then an account will be automatically created for that administrator on SaaS Security API, as well as an account in CSP tied to your organization.
  1. Select
    Settings
    Admin Accounts
    and
    Add Administrator
    .
  2. Enter the
    Name
    and
    Email
    address of the new administrator.
  3. Choose an
    Authentication Type
    , if you preconfigured these options:
    • Single Sign-On (SSO)—SAML SSO authentication enables you to grant admin access with seamless authentication using a single set of credentials. This option eliminates the need for application or service specific passwords. Configure SAML Single Sign-On (SSO) Authentication to activate this option. If you enable SSO, you do not have to create administrator accounts on the local database.
    • Local Authentication— You can select Configure Google Multi-Factor Authentication (MFA) to grant admin access only after successfully presenting a pass code pair or QR barcode as evidence (additional factor) to authenticate to SaaS Security.
      Local authentication is not supported for SaaS Security API activated on the hub.
  4. Select the administrative
    Role
    :
    You can select any of the following predefined roles, or you can Add a Custom Admin Role for enabling more granular access to the functional areas of SaaS Security API. See Predefined Role Privileges for the list of functional areas configured for each predefined role.
    • Super Admin
      —A read-write administrator account that allows full functionality within SaaS Security API, including global account settings, creating administrator accounts, and assigning administrator roles.
    • Admin
      —A read-write administrator account that allows full functionality within SaaS Security API, including the ability to automatically or manually remediate risks and create additional administrator accounts.
    • Incident Management Admin
      —An administrator account that allows granular access to investigate and remediate incidents only.
    • Limited Admin
      —An administrator account that allows the administrator to assess incidents and remediate risks. This administrator cannot access SaaS Security API settings or modify policy rules.
    • Read Only
      —An administrator account that allows the administrator to view information collected by SaaS Security API and generate reports but does not allow the administrator to make changes. For example, this administrator can access incidents, but cannot remediate risks.
    • Custom Role
      —An administrator account with custom permissions to allow specific management tasks that meet your organizational needs.
  5. Select the
    Team
    to assign the administrator to.
    If you have not created any custom teams, assign the administrator to the predefined
    All Apps
    team.
  6. Select the default
    Language
    for the new administrator.
  7. Save
    your changes.
    To verify the role associated with administrator, search using the email address. You can also download a CSV file to view the complete list of all administrative users configured on SaaS Security.

Recommended For You