Administrator Management

The steps outlined below detail how to create, edit, and remove an administrator account, and how to reset the password for an existing administrator account.

Adding an Administrator Account

  1. Go to Administration > Administrator and Role > Administrators.
  2. Click Add. The Administrator screen appears.
  3. Type the email address of a user to add as administrator in the Email Address text box and specify the user name in the Name text box.
  4. Select whether to allow this user to single sign on to the management console.

    If Okta-based single sign-on is enabled and properly configured, your Okta organization users added as administrators will be able to single sign on to the Cloud App Security management console using their Okta accounts.

    If Azure AD or AD FS-based single sign-on is enabled and properly configured, your AD users added as administrators will be able to single sign on to the Cloud App Security management console using their AD accounts.

  5. Assign a role to the user:
    1. Click the option button of the role to assign. All the existing roles are listed.
    2. Click Add Role if you want to define a new role. The Role screen appears.
    3. Name the role and specify permissions for it. For details, see Adding a Role.
    4. Click Save. The Administrator screen appears, and the newly added role is selected by default.
      Note: The new role will be automatically displayed on the Roles screen.
  6. Click Save. The administrator account is successfully created and displayed on the Administrators screen.

Cloud App Security sends an email message to the new administrator.

After logging on to the Cloud App Security management console, the administrator will be redirected to the first allowed page based on the permissions of the role assigned to the administrator.

Managing Administrator Accounts

  1. Go to Administration > Administrator and Role > Administrators.
  2. Do the following:
    Option Description

    Edit an administrator account

    Click the account name, select whether to allow single sign-on, select an existing role or add a new role for the administrator, and then click Save.

    Note:

    Email Address and Name are not editable.

    Delete an administrator account

    Select the check box of the account to delete, and then click Remove.

    Note:

    You can delete one administrator account at a time.

    You cannot delete an administrator account currently in use to log on to the management console.

    Reset the password for an administrator account

    Select the check box of the account to reset the password for, and then click Reset Password.

    Cloud App Security sends an email message to notify the administrator how to reset the password for the account.

    Verify the email address of an administrator account

    • Single sign-on (SSO) in Disabled status: Cloud App Security sends an email message to verify the administrator's email address and notify the administrator how to reset the account password.

    • Single sign-on (SSO) in Enabled status:

      • Administrators with SSO allowed do not need to verify their email addresses and can log on to the management console using their AD or Okta account credentials based on which identity provider you configured for single sign-on in Administration > Single Sign-on.

      • Administrators with SSO not allowed will receive an email message from Cloud App Security to verify their email addresses and reset the account password.

      • If SSO is switched from Enabled to Disabled, Cloud App Security sends an email message to notify the administrators of this. Administrators can choose to log on to the management console using their old password, or reset the password, or ask the Cloud App Security global administrator to enable SSO.