Within the Platform, you can configure each hierarchical level and access additional ways to create and manage objects within the Workspace.
Accessing the Settings screens to configure the Platform
| Hierarchical Level | Accessing the Settings Screen | Available Options |
| --- | --- | --- |
| Tenant settings | Click the Settings icon. | View or modify the IDP source (options are PlainID Internal or External IDP). To modify the settings, click Edit. |
| Environment settings | Click the three vertical dots and select Settings. | View and edit Environmental details, set Environment Permissions, and configure and manage Scopes, API Authorizers and Data Authorizers. |
| Identity Workspace settings | Click the Settings icon. | View and manage Identity Workspace settings, define Identity Attributes and configure Workspace access Permissions. |
| Authorization Workspace settings | Click the Settings icon. | View and edit Authorization Workspace details, and configure Workspace access Permissions. |
| Orchestration Workspace settings | Click the Settings icon. | View SaaS Authorization Management capabilities for policy management while working with third-party vendors. Options include discovering policies and objects and translating them to the Platform language. |
About Permissions
The Permissions tab enables you to apply access rights to various levels of the Platform. There are two levels of access permissions:
Admin: gives administrative permissions to create, modify, and delete entities within that level.
Viewer: gives permission to view only.
Permissions can only be defined when using an external IDP.
Permission levels are managed on the Settings screens, and can be applied at the following levels:
Environment
Identity Workspace
Authorization Workspace
Orchestration Workspace
Tenant Level Permissions
At the Tenant Level, there is only an Admin level. Users with this level of permissions have full administrative capabilities within the Tenant, including all Environments and Workspaces.
Environment Level Permissions
At the Environment Level, there can be both Admin and Viewer users.
Admins have full administrative capabilities within the Environment.
Users with Viewer permission have access to a full view of all data-related objects managed within the Environment.
Note: When an Environment Admin creates a new Workspace, they automatically receive a claim that gives them Workspace level permissions, allowing them to manage their Identity or Authorization Workspaces. If certain permissions are not required, the claim can be removed through the Permissions tab in the Authorization Workspace Settings.
Workspace Level Permissions
At the Workspace Level, users can be given either Admin or Viewer permissions to one or more Workspaces. At this level, Admin permissions give the user full administrative capabilities only within the specified Workspace. Similarly, Viewer permission gives the user a full view of all data-related objects managed within the specific Workspace only.
Editing Permission Levels
At the Environment and Workspace levels, IT Admins can modify which users get Admin Permissions (allowing them to perform any Admin operations) to the Environment and which get Viewer Permissions (restricting them to view-only).
To edit Permission levels:
Access the Settings screen where you wish to modify the Permissions (Environment, Identity Workspace or Authorization Workspace).
Select the Permissions tab. The Permissions screen opens.
Click Edit. The fields become editable.
In either (or both) of the available sections, enter the Name(s) or Group(s) for those individuals or groups that should be granted Admin Permissions and Viewer Permissions.
When you finish making the changes, click Save.