Delegated administration

Delegated administration is a tool that lets users who are not Trustelem administrators administer Trustelem groups only.
This new kind of administrator can do the following things on the administered groups:

dav2.PNG

To enable this tool, you need to send an email to your WALLIX sales contact.
This tool can be easily customized: change the logo or the background, remove a feature...

How to set up the Delegated administration

Once the tool is enabled, you will have a new app on Trustelem named "Delegated administration". You can change its name and logo.

delegated-admin2.PNG

The first step of the setup is to give the selected users access to this app using the Trustelem Access rules tab.

delegated-admin3.PNG

As usual, you can give individual rights to each delegated administrator, but it's better to create a group for all of them and add a single permission.

Then go to the Trustelem profile of each delegated administrator and add one attribute per group:

dav2_4.PNG

Instead of providing a group name, you can also use regular expressions to select multiple groups.
For instance regexp:.* will select all existing groups.

Still in the value field, you can add ;max:X to limit to X the maximum number of users in the group managed by this delegated administrator.

Finally, still in the same field, you can add assignableGroups:group1,group2,groupN to let the delegated administrator add other groups to the users.

delegated-admin4.PNG

The first example lets the administrator manage the Trustelem group named TMA-Bastion with no additional features.
The second example lets the administrator manage all Trustelem groups with a maximum of 3 users in each of them.

editableGroups.PNG

Note: the screenshot shows "editableGroups" instead of "assignableGroups" because the name changed; this image will be modified. The right value is "assignableGroups".

The third example lets the administrator manage the Trustelem group named Supplier1 with a maximum of 5 users in it and the possibility to add the groups rdp and ssh to those 5 users.
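The following is an added example, not part of the WALLIX documentation: a Python check that parses groupManager values in the syntax described above and flags delegations that are broader than intended (a regexp covering every group, no max limit, assignable groups that do not exist). It assumes every option is separated by ';' (the page shows this only for ;max:X) and that a regexp must match the whole group name; the group list and the function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: group names that exist in the tenant.
GROUPS = ["TMA-Bastion", "Supplier1", "rdp", "ssh"]

@dataclass
class Delegation:
    selector: str                      # group name, or regex source if is_regex
    is_regex: bool = False
    max_users: Optional[int] = None
    assignable: List[str] = field(default_factory=list)

def parse_group_manager(value: str) -> Delegation:
    """Parse one groupManager value; assumes ';' separates every option."""
    head, *options = [part.strip() for part in value.split(";")]
    d = Delegation(selector=head)
    if head.startswith("regexp:"):
        d.selector, d.is_regex = head[len("regexp:"):], True
        re.compile(d.selector)         # raises re.error on a malformed pattern
    for opt in options:
        key, _, arg = opt.partition(":")
        if key == "max" and arg.isdigit():
            d.max_users = int(arg)
        elif key == "assignableGroups" and arg:
            d.assignable = [g.strip() for g in arg.split(",") if g.strip()]
        else:
            raise ValueError(f"unrecognized option: {opt!r}")
    return d

def review(value: str, groups: List[str] = GROUPS) -> List[str]:
    """Return least-privilege findings for one groupManager value."""
    d = parse_group_manager(value)
    # Assumption: a regexp must match the whole group name (re.fullmatch).
    hit = [g for g in groups
           if (re.fullmatch(d.selector, g) if d.is_regex else g == d.selector)]
    findings = []
    if not hit:
        findings.append("matches no existing group")
    if d.is_regex and groups and len(hit) == len(groups):
        findings.append("regexp matches every group")
    if d.max_users is None:
        findings.append("no max: user limit")
    missing = [g for g in d.assignable if g not in groups]
    if missing:
        findings.append("assignable groups not found: " + ",".join(missing))
    return findings
```

Run review() over each groupManager value exported from the delegated administrators' profiles; an empty list means the value names an existing group, carries a user limit, and only offers assignable groups that exist.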

Use case 1

One group on Trustelem is dedicated to one Supplier and gives all the requested access to applications.
This group is named Supplier1.
To handle license abuses, this group is limited to 10 users.
In this case the attribute groupManager should have the value: Supplier1;max:10

dav2_1.PNG

Use case 2

One group on Trustelem gives access to Google for users coming from Supplier2 and Supplier3.
This group is named Google.
Another group on Trustelem gives access to SalesForce for users coming from Supplier2 and Supplier3.
This group is named SalesForce.
I have 2 other groups: one named Suppliers2 with users coming from Suppliers2 and one named Suppliers3 with users coming from Suppliers3.
To handle license abuses, the 2 suppliers are limited to 10 users.
In this case the attribute groupManager should have the value:

dav2_2.PNG

Note: in this example, the buttons "add user to the group" and "remove user from the group" have been removed.

How to use the Delegated administration

Once the delegated administrator is authenticated to the application, they can create a new user using the Create user button.

delegated-admin5.PNG

Notes:

Then the delegated administrator can use the different buttons to:


Revision #14
Created 10 October 2023 08:51:38 by WALLIX Admin
Updated 7 March 2024 08:54:47 by WALLIX Admin