Set up administrators
Description
Estimated time to complete: 15 minutes
In this use case, you operate as a super administrator and run tasks to view the tenant settings and invite other administrators on Advanced Identity Cloud.
Goals
After completing this use case, you’ll know how to do the following:
- 
View the tenant settings. 
- 
Invite other users to be administrators. 
Prerequisites
Before you start work on this use case, make sure you have these prerequisites:
- 
A basic understanding of: - 
The Advanced Identity Cloud admin console 
- 
The tenant environments 
- 
The support case creation process and the different priority levels. 
 
- 
- 
You have received an email from Ping Identity support to set up your administrator account for your tenant environments. 
- 
You have registered your Advanced Identity Cloud account and set up two-step verification in all environments (development, staging, and production). 
- 
Access to your development environment as a super administrator. 
- 
To test creating a test administrator, an additional email you have access to. 
Tasks
Task 1: View tenant settings
- 
In the Advanced Identity Cloud admin console, open the TENANT menu (upper right), and click Tenant settings. The Tenant Settings page displays.   
- 
Click Details to display your tenant’s information: Field Description Tenant name Specifies the identifier assigned to the tenant during onboarding and registration. This identifier is not configurable. Region Specifies the region where your data resides. Environment tag Describes the type of tenant environment. The possible tags are: - 
Dev: Environment used to build and add new features. The number of identity objects in a development environment is limited to 10,000. The 10,000 limit applies to the total sum of all identity object types combined, including applications, assignments, custom identity objects, groups, OAuth 2.0 clients, organizations, relationships, roles, SAML entities, policies, and users. 
- 
UAT: User acceptance testing (UAT) is a dedicated environment used for testing applications or capabilities with real users before deploying to production. The UAT and staging environments are used often in parallel to run different usability, stress, and load tests. The UAT environment is an Advanced Identity Cloud add-on capability. 
- 
Staging: Environment used to test development changes, including stress and scalability tests with realistic deployment settings. 
- 
Prod: Environment used to deploy applications into operational end-user activity. 
- 
Other: Environment other than Dev, Staging, or Prod. For example, a demo tenant. 
 Identity Cloud Version Displays the current version for your tenant. Click the Release Notes link to view the latest release notes. 
- 
- 
Click Global Settings to view the specific settings:   Field Description Content Security Policy Configure a Content Security Policy (CSP) to restrict access to resources used by your tenant environments or to restrict your tenant environment as a resource used by other websites. Learn more in Secure hosted pages with Content Security Policy. Cookie Copy the field value to the clipboard by clicking the icon. The Advanced Identity Cloud tenant cookie is a unique, pseudo-random session cookie for the tenant, generated when your tenant is created. You use the tenant cookie in HTTP headers for Advanced Identity Cloud API requests. Cross-Origin Resource Sharing (CORS) View the details, add, edit, deactivate, and delete a CORS configuration. CORS provides the ability to integrate web applications in one domain and interact with protected resources in another domain. Learn more in Configure CORS. Environment Secrets & Variables View the secrets and variables details. Environment Secrets & Variables (ESVs) are configuration variables letting you set values different from your development, staging, and production environments in the Advanced Identity Cloud. Learn more in Introduction to ESVs. IP Addresses Ping Identity allocates outbound static IP addresses to each of your development, staging, and production tenant environments (and to any sandbox[1] and UAT[2] tenant environments). This lets you identify network traffic originating from Advanced Identity Cloud and from individual environments within Advanced Identity Cloud. Log API Keys Use the log API key and secret to authenticate and access the Advanced Identity Cloud REST API endpoints. Learn more in Authenticate to Advanced Identity Cloud REST API with API key and secret. Service Accounts View, create, edit, activate or deactivate, delete, and regenerate your service account keys. Service accounts let you request access tokens for REST API endpoints. Learn more in Service accounts. SSL Configurations View and manage your own certificate signing requests (CSRs) and certificates. Learn more in Manage server certificates using the admin console. End User UI View and manage your hosted UI pages. Hosted UI pages support customizable themes for your Advanced Identity Cloud end-user UI. Learn more in Advanced Identity Cloud hosted pages. 
Task 2: Invite administrators
- 
In the Advanced Identity Cloud admin console, open the TENANT menu (upper right), and click Invite admins to send invitations to other users to become administrators. You are authorizing them to manage settings in your tenant.   From the tenant menu, you can add other administrators by clicking Tenant settings > Admins > Invite Admins. 
- 
In the Invite Admins dialog box, enter the test user’s email. 
- 
Click Tenant Admin to grant privileges to the test user. There are three types of administrator groups on Advanced Identity Cloud: - 
Super Admin: An administrator with full access to all administrative features and can manage every aspect of this tenant, including adding other administrators.
- 
Tenant Admin: An administrator with full access to all administrative features, except the ability to add other administrators.
- 
Tenant Auditor: An administrator with read-only permissions. Can access the same settings, configuration, and data as a tenant administrator but can’t modify them.
 
- 
- 
Click Send Invitations. 
 Advanced Identity Cloud sends an email to the test user’s address containing instructions to register an administrator account.  
Validation
You have viewed your tenant settings and invited other users to become administrators. Now, validate adding another administrator by registering and signing on as the additional administrator.
Register test administrator
- 
Access the email of the test administrator. 
- 
Click on the email from Advanced Identity Cloud. 
- 
Click Complete Registration. 
- 
Fill out the fields to register the test administrator. 
- 
Click Next. 
- 
Select your region of residence, agree to the privacy policy, and click Next. 
- 
Click Set up and register for 2-step verification. The Advanced Identity Cloud admin console displays. 
- 
Sign off as the test administrator and sign back on with your original administrator (super admin) account. 
Manage other administrators
- 
As the super admin, test deactivating, reactivating, and deleting the test administrator: 
- 
Click Tenant Settings. 
- 
Click the Admins tab to view the list of administrators. When an invited administrator successfully registers, the status column changes from InvitedtoActive.
- 
Find the test admin. Click the ellipsis icon (), and then click Deactivate. 
- 
For the same test admin, click the ellipsis icon (), and then click Activate. 
- 
For the same test admin, click the ellipsis icon (), and then click Delete. Then, click Delete on the confirmation dialog. The test admin no longer displays on the list of administrators.