Role assignment
Assigning roles to users lets you control their access to the Identity Security Posture Management (ISPM) console. Role assignment is performed at the group level, which means that you create a group for each role type, and then add users to the appropriate group. To configure roles, your org must use Okta as an identity provider.
- Super admin
  - This role gives users full access to all pages in the ISPM console. They can see the data in all of your org's connected sources and perform all remediation actions in those sources. Super admins can also assign roles to groups. Assign this role only to the users who require this elevated access.
- Issue responder
  - This role allows users to investigate and fix security issues within their assigned sources. It's designed for app owners and admins (for example, a Salesforce admin) who need to remediate vulnerabilities in their systems without accessing other sources. Assign this role to your team members who need to view data from their assigned sources, respond to issues in those sources, perform automatic remediation through Okta Workflows and event hooks, or dismiss issues.
- Issue viewer
  - This role allows users to monitor security issues without making changes. It's designed for team members who need visibility into your org's security posture but shouldn't modify settings or take actions. If you're concerned with team members dismissing issues or remediating them through Okta Workflows and event hooks, or you need to limit team members' write access to sources, assign them this role.
- Source administrator
  - This role allows users to connect and manage data sources. It's an operational role designed for team members who need to onboard sources, but don't need to see data in those sources. You can combine this role with the issue viewer or issue responder role if you want users to have expanded access to their assigned sources.
Role comparison
| ISPM Console | Action | Super admin | Issue responder | Issue viewer | Source administrator |
|---|---|---|---|---|---|
| Dashboard and Inventory | Access all pages | ● | | | |
| Issues | View issues* | ● | ● | ● | |
| Issues | Respond to issues (dismiss issues or trigger event hooks/Okta Workflows on demand)* | ● | ● | | |
| Settings | Assign and manage roles for groups | ● | | | |
| Settings | Add, view, and manage data sources | ● | | | ● |
| Settings | Connect outbound integrations | ● | | | |
| Settings | Configure Single Sign-On | ● | | | |
* — Users with the Issue viewer or Issue responder role can only view and dismiss issues for sources that are assigned to them by a super admin.
Get started
When you configure roles for your ISPM console for the first time, follow this sequence of configuration tasks:
- Optional. Assign other roles to groups, such as issue viewer, issue responder, and source administrator.