Idea Details

Assign a Group as superuser in SM

Last activity 06-03-2019 08:35 PM
Makesh Kannan Thangasamy's profile image
02-03-2015 10:40 PM

@SM AdminUI with External administration store only allows adding individual users as Admin, but not groups.

 

It will be nice to have such feature so as to assign a group as superuser in SM.


Comments

02-06-2019 09:15 AM

It will be really helpful feature having group assigned as administrator for easy management of admin/users who can access application.

02-06-2019 08:55 AM

This would be very useful.

 

It's kind of ironic that an access control solution doesn't support group based access control on its administration GUI.

02-06-2019 08:28 AM

This being a important feature in terms of easy user provisioning as well.  Adding individual users with set of privilege is quiet difficult at the moment having a wider team. At the same time, we cannot make each account as a super user as well.Hoping to see this considered to be taken further for implementation.

09-26-2018 01:38 PM

Hi Herb,

 

When can we expect this feature to be GA? could you please update us. In the field, We see the growing no of requests from customers.

 

Regards

Ashok

02-08-2018 04:33 AM

Honestly, how is this something that isn't already native to the admin UI...especially given that we are talking about governing administrative access to single sign on product.  At any rate, of course this request has my vote.

12-14-2017 06:54 AM

I would also suggest that a API be provided to do a reconciliation of administrator accounts. The API must be able to fetch all the administrator accounts and that would be used for auditing purposes.

02-17-2017 03:14 PM

Yes, this is definitely an important must have feature. More and more organizations are moving towards externalization of privileged access management. 

02-17-2017 02:48 PM

Same here, would be great for my organization.  We have an external (outside the SM team) Privileged Access security group who is taking over who can & can't access the WAM UI because they see it as a conflict that a SM admin can add anyone else in their group and give them permissions to do anything.  But this new team does not want their own administrator account to login to the WAM UI themselves to add/remove administrators.  They need to be able to add/remove users from LDAP group(s) and that will automatically give/remove WAM UI permissions for that person.  And as CVX-Alan suggested above, not just for super-users, you should be able to select a group and then assign whatever permissions you want people in that group to have.

10-04-2016 02:12 PM

This is not only a wanted feature but is a requirement at my organization.  So vote it up, we need to specify external RBAC control for SM Administrators instead of defining individuals and assigning them a role in SM itself.

10-04-2016 12:57 PM

A similar idea was submitted, so referencing it, but votes should be collected on this idea.

 

Duplicate - A UI authenticate administrator based on LDAP or AD group 

03-07-2016 02:45 PM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your enhancement suggestion and decided to maintain the idea for possible consideration in a future release. The Community will continue to be able to vote on this enhancement idea.

05-26-2015 01:55 PM

I would expand on this and ask being allowed to enter any group as an administrator in SM and allow for any role (e.g. not just as a SuperUser  but can also allow any group to have restricted access).

 

Thanks.

04-08-2015 01:58 PM

 

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers.  Your input is vital to that effort.  The CA Single Sign-On Product Management team is reviewing your enhancement suggestion.  The Community will continue to be able to vote on this enhancement idea.