PingDirectory

Introduction to Delegated Admin

Delegated Admin is an add-on to PingDirectory that enables the delegation of user and group management.

Delegated Admin lets organizations assign responsibilities associated with the management of identities in the PingDirectory server to a subset of administrators.

These delegated administrators can be any user outside the organization’s IT department, including a customer.

The following employees typically fulfill roles that involve at least a basic level of identity management and represent strong candidates for inclusion in a group of delegated administrators:

  • Help desk or customer service representatives who unlock and reset passwords

  • Managers and Human Resources administrators who update employee profiles

  • Application administrators who update identity attributes and manage access to applications

Delegated Admin Features

Delegated Admin lets delegated administrators complete tasks across groups, subtrees, and entire organizations.

Tasks include:

  • Create, view, and search user profiles.

  • View user account information, including account status, last login time, and password expiration date.

  • Update user attributes.

  • Implement constructed attributes.

  • Set attributes to read-only.

  • Enable and disable accounts.

  • Reset locked accounts.

  • Create and edit groups.

  • Manage the membership of groups and subgroups.

  • Manage the roles of users and groups.

  • Delete users, groups, and generic resource types.

  • Implement custom UI form fields.

  • Select user entries based on their distinguished names (DNs) without displaying the actual values of the DNs.

  • Preview and download reports about user profiles. Reporting provides the following features:

    • Capability to report for resources of a given type or limited to members of a group

    • Ability to display multiple values per attribute for each user

    • Protection against spreadsheet formula injection

  • Upload CSV files to add user, group membership, or organizational unit (OU) records.

  • Trigger a password reset process for a user that invokes the self-service password reset process defined by the business.

  • Configure REST Resource Types to correlate to other resource types to create one-to-many relationships without schema changes. Edit or delete linked entries from the edit page of the primary entry.