As well as allowing fine-grained control over user access to protected hosts, the AppGate ZTNA system also allows fine-grained control over the rights to use the Admin UI. You can configure new roles for setting up delegated administration rights, or create a role for a specific type of privilege in specific areas of the Admin UI. Admin Roles are assigned to users using Policies.
Before you start
Information you will need before configuring admin roles:
System administration privileges. Confirm the admin privileges that are to be delegated and the related targets. Refer to Admin user access for more information.
Tags. Confirm the tags that will be used to restrict the scope of admin privileges.
Background reading:
For more information on creating local accounts, see the Local users section.
For more information on delegating administration, see the Admin user access section.
For system security best practices, see the information on Admin Roles and Admin Rights.
Use the Admin Roles page for:
Creating new admin roles.
Configuring privileges for administrators to allow delegated administration. This is important in 'managed service' environments where customers may require some, but not all, privileges on some tagged targets.
Configuring privileges for an API user.
NOTE
MFA for Admins is configured in MFA for Admins.
When you are ready to start creating admin roles, see the Configure admin roles section.