Security and Access Control
Security and Access Control
The Adaptiva Admin Portal supports several forms of user authentication:
Active Directory
Open ID Connect (OIDC)
Security Asset Markup Language (SAML)
Internal Adaptiva User ID
During the installation of the Adaptiva Server, the installer allows the administrator to create an Adaptiva User ID or specify an AD user account as SuperAdmin. The SuperAdmin account has the maximum permissions in the Adaptiva environment.
Integration with 3rd party identity providers must be performed after installation.
Manage Administrators and Roles
Log in to the Admin Portal at
http[s]://AdaptivaServerFQDN[:port].Click the gear icon
> Settings > Security > Administrators. The Administrators view opens.
The Administrator account created during installation is displayed.
The default folders are Administrators > Windows Administrators. When you select a folder, the details pane will show the members of the selected folder.
Other folders may be exist depending on which products you have licensed, e.g. OneSite Admins, Advanced Endpoint Health Roles, Basic Endpoint Health Roles.
Add a new Administrator
Click the Administrators tab.
Administrators Click New.
The Administrator editor will appear. Complete the following sections:
User Details
User Details Admin Type: Specify if this is an Adaptiva, Windows AD, OpenID Connect, or SAML login.
Adaptiva
Email Address: Specify email address of administrator. This is a required field. The email address does not have to be a real or valid email address. It will become the account's username and will be required when using the Adaptiva login
Password: Specify a password for the new account. The password must be at least 10 characters long and include at least one uppercase letter, one lowercase letter, and one numeric character. Enter the same password in the Confirm Password box.
MFA Enabled: Require multi-factor authentication when administrator logs in.
Windows AD
Email Address: Specify email address of administrator.
Windows Domain: Enter the NETBIOS domain name of the account domain
Windows User Name: Enter the SAMAccountName of the user's domain account that will be created as an Adaptiva Administrator
OpenID Connect or SAML
Email Address: Specify email address of administrator.
Identity Provider: Select your provider. Create new OIDC and SAML providers in the Security > OIDC Providers and SAML Providers menus.
Subject ID: Enter the unique identifier for the application user.
Administrator Details
Administrator details Administrator Details require a valid First and Last name entry. Additional contact information is optional.
Direct Roles
Click Browse, select a role like All Admin Role, and click OK. This list represents all roles to which the administrator has been added directly.
Once you've completed the required fields, click Save.
Click Back to Administrators button to navigate back to the Administrators page. Here you can find your newly created login.
Adaptiva logins will be created in the root Administrators folder, while Windows AD Logins will be created in the Windows Administrators folder.
Assigning Roles to Administrators
By default, all newly created users are added to the All Admin role. This role has limited access.
To manage roles for an Administrator account, follow these steps:
On the Administrators tab, click the administrator in the details pane to open the editor.
In the administrator editor, scroll down to the Direct Roles section. Displayed here are any roles already assigned to this login. Click Browse to add a new role.
The Manage Roles screen will display. This view allows you to navigate the Roles folder structure and search for specific roles. The Roles folder will contain roles that are universal to all Adaptiva products that are installed. Check the box next to one or more roles to assign to the Administrator account.
To remove a role, uncheck the box next to the role.
Click OK.
In the administrators editor, the new role assignment will appear in the Direct Roles section. You can also remove a role assignment by click the ellipsis (...) and then Remove.
For existing administrators, changes to this list will save immediately. When you add or remove a role on an existing Administrator, saving the Administrator object is not necessary. The new role assignment is applied immediately.
Manage Role Assignments
To add administrator accounts, including AD Groups, to a specific role, follow these steps:
Click the Roles tab.
In the details pane, click the All Admin Role.
Scroll down to the Role Membership section and click Browse.
In the Select Administrator dialog, select one or more administrator accounts and click on OK.
Click +Add AD Group.
In the Active Directory Group dialog, enter the following:
Domain Name: Enter the NETBIOS Domain name
Group Name: Enter the Domain Local or Domain Global Group name
Click Check Group to verify group membership.
NOTE: The group must have members. Also, nested group membership is not supported, only direct members will be returned. Universal Groups are not supported.
Click Add AD Group.
Click Save.
Members of the AD Group will automatically be created as Adaptiva Administrators and added to the All Admins Role
Creating New Roles
Some organizations may want to create custom roles to control access to what some administrators can view or change. Roles can be created in the Web Portal, but at this time, Folder-level and Class permissions can only be assigned using the Adaptiva Workbench. Follow the steps below to create a new role:
On the Roles tab, click + New.
In the Role editor, complete the following sections:
Role Properties
Role Name: Give the role a descriptive name.
Role Description: A detailed description of the purpose of the roles.
MFA Required: Require all administrators assigned to the role to use multi-factor authentication.
Role Membership
Add direct administrators or AD Groups to the role. See the section Manage Role Assignments.
In Role editor, click Save.
Last updated
Was this helpful?