# Security and Access Control

The Adaptiva Admin Portal supports several forms of user authentication:

* Active Directory
* OpenID Connect (OIDC)
* Security Assertion Markup Language (SAML)
* Internal Adaptiva User ID

During the installation of the Adaptiva Server, the installer allows the administrator to create an Adaptiva User ID or specify an AD user account as SuperAdmin. The SuperAdmin account has the maximum permissions in the Adaptiva environment.

Integration with third-party identity providers must be performed after installation.

## Manage Administrators and Roles

1. Log in to the Admin Portal at `http[s]://AdaptivaServerFQDN[:port]`.
2. Click the gear icon ![gear icon](/files/WTzSkHtTiMjjbhpDKuea) **> Settings > Security > Administrators**. The Administrators view opens.

The Administrator account created during installation is displayed.

The default folders are **Administrators > Windows Administrators**. When you select a folder, the details pane will show the members of the selected folder.

Other folders may exist depending on which products you have licensed, e.g. OneSite Admins, Advanced Endpoint Health Roles, Basic Endpoint Health Roles.

### Add a new Administrator

1. Click the **Administrators** tab.

   ![Administrators](/files/LmTp2dWigfsjygY59oTr)
2. Click **New**.
3. The Administrator editor will appear. Complete the following sections:

   **User Details**

   ![User Details](/files/ry6LeCeirpxnGkTr3oXk)

   **Admin Type**: Specify if this is an Adaptiva, Windows AD, OpenID Connect, or SAML login.

   * **Adaptiva**
     * **Email Address**: Specify the email address of the administrator. This is a required field. The email address does not have to be a real or valid email address. It will become the account's username and will be required when using the Adaptiva login.
     * **Password**: Specify a password for the new account. The password must be at least 10 characters long and include at least one uppercase letter, one lowercase letter, and one numeric character. Enter the same password in the Confirm Password box.
     * **MFA Enabled**: Require multi-factor authentication when the administrator logs in.
   * **Windows AD**
     * **Email Address**: Specify the email address of the administrator.
     * **Windows Domain**: Enter the NETBIOS domain name of the account domain.
     * **Windows User Name**: Enter the SAMAccountName of the user's domain account that will be created as an Adaptiva Administrator.
   * **OpenID Connect** or **SAML**
     * **Email Address**: Specify the email address of the administrator.
     * **Identity Provider**: Select your provider. Create new OIDC and SAML providers in the **Security > OIDC Providers** and **SAML Providers** menus.
     * **Subject ID**: Enter the unique identifier for the application user.

   **Administrator Details**

   ![Administrator details](/files/KeUSl53NVKxj2EAUxXJJ)

   Administrator Details require a valid First and Last name entry. Additional contact information is optional.

   **Direct Roles**

   ![](/files/IuXA6ldGQKP1qtf2CT6w)

   Click **Browse**, select a role like **All Admin Role**, and click **OK**. This list represents all roles to which the administrator has been added directly.
4. Once you've completed the required fields, click **Save**.

   ![](/files/nH0xnpDJ9n5mQsB2XDKH)
5. Click the **Back to Administrators** button to navigate back to the Administrators page. Here you can find your newly created login.

   ![](/files/lnfzcDKIzejMSFfjYOI7)

Adaptiva logins will be created in the root Administrators folder, while Windows AD Logins will be created in the Windows Administrators folder.

### Assigning Roles to Administrators

By default, all newly created users are added to the **All Admin** role. This role has limited access.

To manage roles for an Administrator account, follow these steps:

1. On the Administrators tab, click the administrator in the details pane to open the editor.

   ![](/files/grmls3qNwBODunug17an)
2. In the administrator editor, scroll down to the **Direct Roles** section. Displayed here are any roles already assigned to this login. Click **Browse** to add a new role.

   ![](/files/vGvdh7hnZYskWU385Nen)
3. The Manage Roles screen will display. This view allows you to navigate the Roles folder structure and search for specific roles. The Roles folder will contain roles that are universal to all Adaptiva products that are installed. Check the box next to one or more roles to assign to the Administrator account.
   * To remove a role, uncheck the box next to the role.
4. Click **OK**.
5. In the administrators editor, the new role assignment will appear in the *Direct Roles* section. You can also remove a role assignment by clicking the ellipsis (**...**) and then **Remove**.

For existing administrators, changes to this list are saved and applied immediately. You do not need to save the Administrator object after adding or removing a role.

### Manage Role Assignments

To add administrator accounts, including AD Groups, to a specific role, follow these steps:

1. Click the **Roles** tab.
2. In the details pane, click the **All Admin Role**.

   ![](/files/aNxPL0GFyRa6dqIv9JK8)
3. Scroll down to the Role Membership section and click **Browse**.

   ![](/files/TARhmzgPONWH6sGZzlV8)
4. In the Select Administrator dialog, select one or more administrator accounts and click on **OK**.
5. Click **+Add AD Group**.

   ![](/files/32gu2JQ2IacyF8mLikmQ)
6. In the Active Directory Group dialog, enter the following:
   * **Domain Name**: Enter the NETBIOS domain name.
   * **Group Name**: Enter the Domain Local or Domain Global Group name.
7. Click **Check Group** to verify group membership.

   > NOTE: The group must have members. Also, nested group membership is not supported, only direct members will be returned. Universal Groups are not supported.
8. Click **Add AD Group**.
9. Click **Save**.

   Members of the AD Group will automatically be created as Adaptiva Administrators and added to the All Admins Role.
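
Because every direct member of the group becomes an Adaptiva Administrator automatically, it is worth reviewing the group before adding it. The following is an added example, not Adaptiva code: a PowerShell pre-check, assuming the RSAT ActiveDirectory module is installed, that reports the constraints from the note above (group scope, direct members, nested groups). The function name, the `-Server` parameter, and the sample group name are hypothetical.

```powershell
# Added example (not part of the Adaptiva product). Requires the ActiveDirectory module.
function Test-RoleGroupEligibility {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        # Assumption: optional domain DNS name or domain controller to query.
        [string]$Server
    )

    Import-Module ActiveDirectory -ErrorAction Stop
    $common = @{}
    if ($Server) { $common.Server = $Server }

    $group = Get-ADGroup -Identity $GroupName @common
    # Without -Recursive, Get-ADGroupMember returns direct members only,
    # which matches what the portal's Check Group step reports.
    $members = @(Get-ADGroupMember -Identity $group @common)
    $users   = @($members | Where-Object { $_.objectClass -eq 'user' })
    $nested  = @($members | Where-Object { $_.objectClass -eq 'group' })

    $blocking = @()
    $warnings = @()
    if ($group.GroupScope -eq 'Universal') {
        $blocking += 'Universal groups are not supported.'
    }
    if ($users.Count -eq 0) {
        # Assumption: only user objects count as usable members here.
        $blocking += 'The group has no direct user members.'
    }
    if ($nested.Count -gt 0) {
        $warnings += 'Members of nested groups will not be included: ' +
                     ($nested.SamAccountName -join ', ')
    }

    [pscustomobject]@{
        Group        = $group.SamAccountName
        Scope        = $group.GroupScope
        DirectUsers  = @($users.SamAccountName)   # accounts that would become administrators
        NestedGroups = @($nested.SamAccountName)
        Usable       = ($blocking.Count -eq 0)
        Blocking     = $blocking
        Warnings     = $warnings
    }
}

# Example call with a constructed group name:
# Test-RoleGroupEligibility -GroupName 'Example-Adaptiva-Admins' | Format-List
```

Review the `DirectUsers` list before clicking **Add AD Group**; anyone later added directly to the AD group gains the role without a change in the portal.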

### Creating New Roles

Some organizations may want to create custom roles to control access to what some administrators can view or change. Roles can be created in the Web Portal, but at this time, Folder-level and Class permissions can only be assigned using the Adaptiva Workbench. Follow the steps below to create a new role:

1. On the Roles tab, click **+ New**.
2. In the Role editor, complete the following sections:

   ![](/files/YN2lx1Zd3LFnpGd0mDK6)

   **Role Properties**

   * **Role Name**: Give the role a descriptive name.
   * **Role Description**: A detailed description of the purpose of the role.
   * **MFA Required**: Require all administrators assigned to the role to use multi-factor authentication.

   **Role Membership**

   Add direct administrators or AD Groups to the role. See the section [Manage Role Assignments](#manage-role-assignments).
3. In the Role editor, click **Save**.

