Managing administrators

In Airlock SaaS, administrators are responsible for the administration and operation of the Airlock SaaS service. The first SaaS Administrator, who created the SaaS customer account by registering for SaaS, holds per default all available roles and permissions, and has access to all tenants, administrators, and end-users. They may also invite other administrators and assign the invited administrators to tenants.

Invited administrators can by default only perform tasks on end-users, such as search for and manage end-users, view end-user logs, -profiles and authentication tokens. It is possible to assign additional roles to the invited administrator, depending on their task.

This article explains how to invite, edit (including the assignment of roles and tenants) and lock/delete administrators. See below for instructions. For a detailed overview of the available roles and permissions, see SaaS roles and permissions.

Prerequisites

To invite, manage, and delete administrators, the role AMC - Manage administrators is required. This role is by default part of the SaaS Administrator role, but can also be assigned separately to any administrator.

Location in the SaaS Management Center

You manage administrators in the Administrators dialog of the Airlock Console. For this, go to Administration > Administrators.

Inviting a new administrator

To invite a new administrator, click the Invite administrator button in the Administrators dialog. Fill the fields of the appearing window with the details of the person you want to invite as administrator, and click Send invitation to send the invitation to the dedicated person.

 
Functional limitation

It is currently not possible to alter the mobile phone number of the invited administrator if you entered it incorrectly when inviting this person. In this case, first delete the invited administrator in the Airlock SaaS Management Center, then send out a new invitation.

Accepting an invitation

If you are invited to become an administrator of the SaaS Management Center, you have three days to accept. Once you have started the accept-invitation flow, you must complete it in one stretch.

Proceed as follows:

  1. Click the Accept invitation button in the invitation email.
  2. Next, you will receive an SMS code on your mobile phone.
  3. Go to the login page of the Airlock SaaS Management Center, and enter the SMS code in the login screen. This is to confirm your mobile phone number.
  4. Next, choose a secure password.
  5. To enhance security, you must enable multi-factor authentication with the Airlock 2FA app. Install the Airlock 2FA app on your mobile phone and activate your Airlock 2FA account by scanning the online displayed QR code.
  6. You have now completed the accept-invitation flow and are ready to use the Airlock SaaS Management Center.

Modifying an administrator's tenant access

Upon inviting an administrator, you specify the tenant(s) to which the invited administrator should have access. If required, it is possible to change the tenant access of an administrator later on. This happens in the Administrators dialog of the SaaS Management Center.

 
Notice

Administrators with the following roles have by default access to all tenants within the organization: AMC - Manage tenants, Airlock SEC, SaaS Administrator. It is therefore not possible to edit their tenant access.

Proceed as follows:

  1. In the Administrators dialog, find the entry of the respective administrator in the administrator list. Select Edit tenant access from the context menu on the right-hand side of the entry.
  2. The appearing popup window lists all available tenants. Enable or disable the respective tenant's checkbox to allow or remove access, respectively.
  3. Click Save to apply your changes.

Editing the profile of an administrator

Editing an administrator's profile includes modifying their name or email address as well as assigning or removing roles. These actions are performed in the Management Center's own Adminapp, in which you can manage the details of all SaaS administrators. This Adminapp is identifyable by the black left sidebar - see also Tenant color concept. Proceed as described in the instructions below.

Editing the administrator details in the Management Center's Adminapp

  1. In the Administrators dialog, find the entry of the respective administrator in the list.
  2. Select Edit administrator from the context menu on the right-hand side of the entry.
  3. The details of the administrator are displayed in the Management Center Adminapp.

  4. The Adminapp contains the following tabs:

    • Overview - This tab shows the user-, login- and lock/unlock details of the respective administrator.
    • Profile - This tab allows you to update the administrator's profile, including first and last name, user handle, email address, and assigned roles.
      • User Handle: Refers to the administrator's username used to authenticate to the SaaS Management Center.
      • Note: Changing the user handle does not update the display name in the Futurae/Airlock 2FA application.
    •  
      Notice

      After modifying the administrator's profile, always click Save to apply your changes.

    • Authentication Methods - This read-only tab shows the (active) authentication method used by the administrator.
    • Password - This tab shows read-only meta data on the administrator's authentication password. Clicking Send reset email will trigger a password reset flow.
    • The next read-only tabs show details on the other authentication methods available for the adminstrator, e.g., Airlock 2FA, mTAN/SMS.
    • Activities - This tab lists the latst activities of the respective administrator.

Assigning roles to or removing roles from an administrator

  1. Go to the Profile tab of the Adminapp.
  2. In the User Profile section, the Active Roles list to the right shows all roles currently assigned to the respective administrator, the Available roles list to the left those roles that are still available for the administrator.
    1. To assign an additional role to the administrator, click the relevant role in the Available roles list to the left, then click the >> icon. The role is added to the Active Roles list to the right.
      Repeat the above step for all roles you want to assign to the administrator.
    2. To remove a role from the administrator, click the relevant role in the Active Roles list to the right, then click the << icon. The role is added to the Available roles list to the left.
      Repeat the above step for all roles you want to remove from the administrator.
    3. Click Save to apply your changes.

Locking or unlocking an administrator

An administrator may get locked out of the application due to various security reasons. It is possible to control the lock state of an administrator and amend it. This is done in the Overview tab of the Management Center Adminapp. Modify the administrator's locking situation in the User Locking section on the lower right-hand side of the tab.

Deleting an administrator

It may be necessary to delete an administrator from your SaaS organization. This is done in the Profile tab of the Management Center Adminapp. Click the red Delete button in the lower left corner of the tab. Confirm the deletion in the following popup window. The administrator will be deleted instantly. Any currently active session will not remain as it does not get revoked.