In the Administration console, you can manage user and role settings from the Users and roles section of the Settings page.
To view the Users and roles section in Settings:
- Select Administration from the top-left navigation menu.
- Select Settings from the left-side panel.
- Select Users and roles.
Manage users in Administration only
The Users and roles section has a tenant-settings switch Limit adding and removing users to user admins in Administration only.
The switch is turned off by default, and workspace administrators can add or remove users from within a model. User administrators can also add or remove users from the Administration console.
Tenant administrators can turn on the switch so that only user administrators can add or remove users from the Administration console. Workspace administrators can't add or remove users from within a model when the switch is turned on.
Note: Independent of the switch position, user administrators can also use the SCIM APIs to add or remove users.
Assign exception users in Administration only
If your tenant security administrator enables single sign-on (SSO), users can only log in to Anaplan with SSO. Users designated as exception users can choose if they want to log in to Anaplan with either SSO or basic authentication (email address and password).
The Users and roles section has another tenant-settings switch called Limit exception user assignment to Administration only. The switch is turned off by default, and workspace administrators can assign exception users within models.
Tenant administrators can turn on the switch, which enables tenant security administrators to assign exception users in Administration only. When the switch is turned on, workspace administrators are unable to assign exception users within models.
Note: Independent of the switch position, tenant security administrators can also use the Exception users API to assign or unassign exception users.
