Managing administrators | SecurityHub

  • Updated

Applies to: Global Org Admins, IT Admins and Compliance Admins
 

SecurityHub has three customer-facing admin roles. From most privileges to least, they are Global Org Admin, IT Admin and Compliance Admin. SecurityHub must have a minimum of one Global Org Admin that is provisioned by Intralinks. Only SecurityHub Global Org Admins can invite and delete other Global Org Admins. Compliance Admins can only view the Admins tab. Neither the Global Org Admin or the IT Admin can edit or delete themselves.

If you have been added as a Global Org Admin as part of a domain request, you are added as a provisional admin until the request has been approved. As a provisional Global Org Admin, you can only add another Global Org Admin that will also be added as a provisional Global Org Admin. You can also delete other provisional admins. See Managing Domains for more information.

SecurityHub roles

All admin roles have access to all features that are available to your organization, however, not all roles can perform all actions, such as editing and deleting items. The following roles are available in SecurityHub:

Global Org Admin

This role grants the highest level of access for overseeing all aspects of the Admin Portal and user access. This role can access all features and configure, modify, and delete access to all features including configurations made by other users.

  • Security Dashboard - This role can access all features.
  • Security and compliance reports - This role can access all features, including modifying and deleting schedules created by other users.
  • Identity+ - This role can access all features.
  • Admin management - This role can modify and remove other users but cannot modify or remove themselves. This role is the only role that can invite and assign another Global Org Admin to the organization.
  • Single sign-on (SSO) -  This role can access all features, including modifying and deleting connectors created by other users.
  • Access control at login - This role can access all features, including modifying and deleting rules created by other users.
  • MFA - This role can access all features, including modifying and deleting rules created by other users.
  • Domain Management - This role can access all features, including modifying and deleting domain requests created by other users.
  • User Management - This role can suspend and unsuspend users.

IT Admin

This role is for admins that will perform general tasks related to user security. This role has access all features but can only modify and delete configurations that they created.

  • Security Dashboard - This role can access all features.
  • Security and compliance reports - This role can access all features. This role cannot modify or delete schedules created by other users.
  • Identity+ - This role can access all features.
  • Admin management - This role can modify and remove other IT Admins and Compliance Admins, but cannot modify or remove themselves or the Global Org admin users. This role can invite other IT Admins to the organization.
  • Single sign-on (SSO) - This role can access all features, but cannot modify or delete connectors created by other users.
  • Access control at login - This role can access all features, but cannot modify or delete rules created by other users.
  • MFA - This role can access all features, but cannot modify or delete rules created by other users.
  • Domain Management - This role can access all features, but cannot modify or delete rules created by other users.
  • User Management - This role can suspend and unsuspend users.

Compliance Admin

This role is for admins that will perform compliance-related activities, such as reviewing policies, reports and audits. This role has view-only access. 

  • Security Dashboard - This role can access all features.
  • Security and compliance reports - This role can access all features. This role cannot modify or delete schedules created by other users.
  • Identity+ - This role can access all features.
  • Admin management - This role has view-only access.
  • Single sign-on (SSO) -  This role has view-only access.
  • Access control at login - This role has view-only access.
  • MFA - This role has view-only access.
  • Domain Management - This role has view-only access.
  • User Management - This role has view-only access.

Icons_Approved.svg How to add an admin

  1. Click the Admins tab.
  2. Click Add an Admin.
  3. In the Email field, enter the user's email address.
  4. In the Role field, select a role for the user.
  5. Click Add.

Icons_Approved.svg How to edit an admin

  1. Click the Admins tab.
  2. In the row of the user that you want to change, click the Edit icon.
  3. Make any changes and click Save.

Icons_Approved.svg How to delete an admin

  1. Click the Admins tab.
  2. In the row of the user that you want to delete, click the Remove icon.
  3. Click Remove to confirm.

 

 

Was this article helpful?