The tenant security administrator role enables you to manage your tenant’s security settings.
A tenant security administrator can:
- Access the Self Service SAML feature in the Administration console.
- Set up single sign-on (SSO).
- Create a new identity provider (IdP) connection.
- Modify an existing IdP connection.
- Disable an existing IdP connection.
- Set up an IP allow list.
- Create and manage OAuth 2.0 clients.
- Enable or disable API key creation and revoke API keys.
- Assign exception users in Administration if enabled by a tenant administrator.
See Assign action permissions to model roles for how to assign the role to a user.
Tenant security administrator policy details
The table below displays the resources that a tenant security administrator controls.
| Resource type | CREATE | READ | UPDATE | DELETE |
| --- | --- | --- | --- | --- |
| Session policies | | | | |
| Tenant feature setting | | | | |
| Exception user | | | | |
| Tenant | | | | |
| User | | | | |
| Role membership | | | | |
| Workspace | | | | |
| API key | | | | |
| Administration | | | | |
| Clients | | | | |
| Policy | | | | |
| Connection | | | | |
| Role | | | | |