The Team tab, allows administrators to invite users, assign roles, remove users and reset passwords.
User Roles
- Console Admins have full access to the MAM admin console.
- Console Users can create, edit, delete and deploy Workflows, but do not have access the Admin tab.
- Device Managers can only perform manual deployments to individual devices.
However, Imprivata can enable the option to bulk deploy for this role. - Device and Launchpad Read Only users can register, view, and modify only the Launchpads registered by them.
- Launchpad Only users can download and register Launchpads. They have no other access to the admin console.
The following table details the available user roles and their respective privileges.
| Role | Console Admin | Console User | Device Manager | Device and Launchpad Read Only | Launchpad Only |
|---|---|---|---|---|---|
| Workflows: Read & Deploy | |||||
| Workflows: Edit & Delete | |||||
| Launchpads: Download Mass Deployment installers and generate registration tokens | |||||
| Launchpads: Download interactive Launchpad installers | |||||
| Launchpads: Register | |||||
| Launchpad: List | Only Launchpads registered by same user | ||||
| Launchpad: Modify | Only Launchpads registered by same user | ||||
| Launchpad: End-user Display | |||||
| Dashboard | |||||
| Devices: List | |||||
| Devices: Modify | |||||
| Devices: Bulk retire | |||||
| Automation & Assets: List | |||||
| Automation & Assets: Modify | |||||
| Activity | |||||
| Admin |
Understanding Role Inheritance
Applies to 7.0 UAT
Imprivata Mobile Access Management allows any number of administrator roles, each with a different set of operations and permissions, depending on your organization tree. Consider the following information on role inheritance:
- Users have one identity across the whole organization tree and can view one or many organizations in MAM, depending on their role.
- Users can be assigned different roles in a parent organization and in any child organizations.
- An identity’s role is inherited by child organizations by default, but can be modified at the child organizations.
- For SAML customers, SAML access is required to be configured at the parent organization. Federated identities can have no role at the parent organization, but can have assigned roles at child or grandchild organizations.
- The parent-child organization hierarchy is always viewable to all identities with any role in either a parent or a child organization. However, data will only be viewable when either a role is directly assigned at that child organization, or inherited from a parent organization’s role.
- When viewing your organization from the Organization menu, your organization tree is displayed, but you may only have access to a certain set of child organizations. Organizations you do not have access to are greyed-out.
Access to the MAM Admin Console
Users that have not logged in to the MAM admin console within the past 90 days are prevented from logging in. Instead, Mobile Access Management sends the user an email with a link to validate that their email address is still valid before allowing login. The single-use link expires in five (5) days. Users are required to enter the correct password or use the Reset Password workflow to reset their password.
Applies to: All accounts, except for the Launchpad Only role. Does not apply to SAML organizations.
Invite New Users
For SAML-enabled organizations, you add new users to MAM rather than inviting them. For more information, see Configure SAML.
To invite new users:
- In the MAM console, navigate to Admin > Team.
- In the dialog, type the name and email address of the new user.
- In the Role box, select a role to assign the new user. Click Invite.
- To assign the chosen role to selected user in all sub-organizations where you have the Console Admin role, switch the Inherit and Apply Role to Sub-Organizations to ON.
The user is created in the organization. MAM sends an invitation email to the new user.
Edit Users
You cannot edit a user that has more permissions than your current role.
To edit the user information:
- In the MAM console, navigate to Admin > Team.
- Select the user and click Edit.
- In the dialog, update the name or email address of the user.
- In the Role box, select a different role, if needed. Click Save.
- To assign the chosen role to selected user in all sub-organizations where you have the Console Admin role, switch the Inherit and Apply Role to Sub-Organizations to ON.
- To delete the user, click Delete.
Show filters / Hide filters
You can filter the users list by using the filter pills.
Click Show filters to view the filter pills for users. Click Hide filters to hide the filters.