In this lesson we will create additional administrators to help manage your device fleet. Administrators in AirWatch are granted access based on two things: the Organization Group at which they exist, and the Role that they are assigned. An admin will only have access to devices, profiles, settings, and reports at or below their assigned Organization Group . An administrator's role defines the items to which they have access. For example, you may decide to create an administrator who can only view devices in your Sales department (by restricting their Organization Group) and may only be able to manage content (determined by their role). In this lesson, we will walk through the typical configuration of a new admin account.
|Creating Administrator Accounts||
Watch the Video!
- Navigate to Accounts > Administrators > List View.
- Select an Organization Group in the upper left hand corner. This will be the default organization group for this administrator account.
- Choose Add Admin. Selecting the user type will determine how the administrator Authenticates. Select Basic to manually create the Admin user or select Directory to import the user info from an Active Directory account.
To create a Basic Admin Account:
- Input a Username and Password for the admin account
- Check the Require password change at next login box to force the administrator to change their password after the first time they log in.
- First Name, Last Name and Email – The name and Email address of the administrator
- Initial Landing Page – The first page that an administrator will view after authenticating into the Web Console. To change this field, clear the contents and begin typing the name of any Web Console page.
- Fill in any additional Details or Notes that will only be visible in the Web Console
- Roles – Navigate to the role tab to add a role for the Organization Group(s) that you would like the admin to have access to. For instance, if the administrator is a help desk operator, then a Help Desk role with limited access may be the best fit. The roles are configured separately from administrative accounts.
To import an Admin User from Active Directory:
- You must have already configured Directory Services within AirWatch
- Select the appropriate directory and domain
- Enter in the user's username from AD and click Check User
- Complete the remaining fields as needed
- Once complete, click Save to create the new administrative account
|Creating Administrator Account Roles||
Watch the Video!
Admin roles allow your business to control the security and permissions of your MDM administrators by restricting access to components of the AirWatch Web Console. You may directly control the administrator’s access by creating a new role or editing an existing role.
To create admin account roles
- Navigate to Accounts > Administrators > Roles to edit and existing role or create a new one.
- Click Add Role and fill in the form to create a new role.
- Name/Description - Choose a descriptive role name so that the role can be easily assigned to a user.
- On the left, you can select Categories to define the levels of access that will be available for different components of the AirWatch Web Console.
- You can also click on the name of the category to view a list of resources available for each category on the right.
- To quickly locate resources of a specific type, use the search bar in the upper right-hand corner.
- When complete, click Save
Using Multi-Tenancy for delegated administration
Each division can manage their department separately as if each had their own MDM system.
To create an Admin Account that only has access to a selected organization group and any of its child organization groups:
- Select an Organization Group on the Organization Group bar in the upper left hand corner. This will be the default organization group for this administrator account.
- Now that the organization group is selected, you are ready to add the Admin Account using the process in the Creating Administrative Accounts section of this lesson.
- Once logged in, the admin user only has access to the organization group selected and all of its child organization groups.