Cymmetri Identity platform has six different admin roles with various levels of access to the various menus and resources on the administration portal of the Cymmetri deployment.

The various admin roles on the Cymmetri Identity Platform may be described as follows -

Organization Administrator

This is the so-called “super admin” administrator role in the Cymmetri Identity platform deployment. The administrators having this role have the authorization to change any settings or making any changes to the tenant.

Domain Administrator

This is slightly less privileged administrator. Most tenant-wide system settings, such as the configuration of the SMS, Email providers (where such configurations are made by the tenant), are restricted for the domain administrators, all other configurations may be viewed and edited by admins with the Domain administrator role.

Application Administrator

An administrator with a role of Application Administrator has access to the Identity hub configurations, including application, user, and group configurations. The application administrator may map users and groups to applications, and are able to edit all configurations related to Application Management.

Report Administrator

An administrator with a role of Report administrator has the access to the reports menu, including viewing, modifying and adding new reports.

Help Desk Administrator

Helpdesk administrator has access to a very limited set of administrative functionalities, such as, reset password of end-user, remove configured Multifactor authentication options, and other such common use-case

Read Only Administrator

All administrative users have read only access to the administrative section of the Cymmetri Identity platform tenant, but the admins with the role “Read Only Administrator” do not have any edit access to any of the settings or configurations, and only have “Read Only” access to the administrative section.

Adding New Admins

Click on the Configuration menu on the right-hand side menu

Now click on the Admins sub menu within the Configuration menu

Search for the user to assign an administrator role to them and click on the assign button

Select the chosen administration role and click on save

Administrator has been assigned the role as “Report Administrator”.

Custom attributes may be added for all user entities in your Cymmetri Identity Platform tenant. This allows organizations to add custom user attributes, that are used across the applications in your organization.

For example, your organization has a custom attribute that captures and uses the local language of your employees and vendors for the purpose of providing local services. This attribute may be stored in your Active Directory deployment, and may need to be synchronized to your organization’s other applications during the course of an employee or vendor’s employment.

Cymmetri Identity platform allows the administrator to define custom attributes on a tenant-wide level.

Configuring Custom Attributes

1. To start configuring custom attributes, click on the configurations left-hand side menu and then click on the custom attributes link on the popup menu.

2. Click on the Add New button to start adding custom attributes

   1. Name/Key refers to the label assigned to the custom attribute on the Cymmetri Administration and Workspaces.

   2. Value refers to the variable name assigned to this custom attribute, when it needs to be referred to in the various configurations of the Cymmetri Identity portal, such as provisioning and reconciliation campaigns.

3. Click on the Save button to save the new custom attribute.

The Cymmetri Identity platform allows a certain level of customization to your tenant from the administration panel. This includes the ability to modify the default Cymmetri branding scheme to your own Organization’s branding scheme).

1. Your Organization Name and Tag line

2. Your Organization logo

3. Your Organization branding colors (Primary, Secondary, Accent Colors)

Configuring your tenant branding

1. To access the branding menu, first click on the Configuration left-hand side menu and then proceed by clicking on the Branding pop-up menu item.

2. Start the configuration by entering your Organization Name and Tag Line

3. Proceed by adding your URL to the Website text box and click on “Fetch Brand”.

4. If your organization’s branding is available, the logo and the corresponding color scheme will be displayed in the menu below.

5. If your branding is not available, you may configure it yourself by uploading your logo and editing your primary color, secondary color, and Accent color.

6. Click on Save and Sync Server to make the branding configuration apply to the entire website.

7. The configuration will be applied in a few seconds to reflect your branding.

Masters are key-value pairs that can be defined for the entire tenant. The key in this context refers to the label to be shown on the Cymmetri User Interface, and the value is the backend identifier used to reference this field in various processes, rules, and policies defined in the Cymmetri Identity platform deployment.

Cymmetri Identity platform allows for configuring a number of masters in the system, the major classification among which is Global masters (which allow for creating master key-value pairs that may be used for various situations, such as creating a new department, designation, and other custom attributes for users in the system) and Zone masters (which are network configurations that may be used to whitelist or blacklist user access onto the platform as well as act as a source for adaptive Multi-factor authentication).

Global masters

These are system-wide key value pairs primarily used to setup key value pairs referring to various masters as given below -

Types of Global masters

Country

Country key-value pairs are stored in the system, and are available as drop-downs wherever needed in the system - User attributes, Policies and other mappings.

UserType

UserType is used as one of the conditions while defining authentication policies and as an input in the rule engine.

Department

Department is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

Designation

Designation is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

GroupType

GroupType is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a group attribute.

AccountStatus

AccountStatus is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

RBAC

RBAC (System Roles) is used as one of the conditions while defining authentication policies and as an input in the rule engine, and also as a user attribute.

CustomAttribute

Custom Attributes are the custom attributes that are key-value pairs that can be directly accessed by various backend engines by referring to them as attributes of the user object.

ApplicationCOSO

Refers to the various COSO mapped to application roles for the purpose of Segregation of Duties. Typical values for these are “Admin”, “Maker”, “Checker” and “Readonly”.

Zone Masters

Zone masters indicate the network zones that may be used for blacklisting or whitelisting access to the Cymmetri Identity platform deployment. It may also be used for detecting users from certain zone and assign relevant multi-factor authentication policies.

Zone Name - Used to refer to a zone in other configurations on the Cymmetri Identity platform.

Inactive/Active - Toggle button to check whether the zone is active (configurable as a condition for other rules on the Cymmetri Identity platform.)

Gateway IP - Refers to the Gateway IP address for the network zone.

Proxy IPs - Proxy Server IP addresses that may be used to be directed to this network or the IP addresses outside of the zone that would indicate a connection from this zone.

CIDR - Refers to the CIDR notation of the subnet of the network that this zone refers to. CIDR Notation.

Fill all the mandatory configurations, click on the enable toggle button and finally click a “Save” button.

Notifications are triggered from the Cymmetri Identity platform tenant for various actions occuring on the platform either through direct action by the end-user or by the virtue of some backend action (such as running of a scheduler for a campaign). Cymmetri Identity platform ships with default notification templates that may be modified by the administrator using the following process.

1. Access the notification templates menu by clicking on the configuration menu on the left-hand side menu bar and then clicking on the Notification templates pop-up menu.

2. Click on the eye icon to preview the corresponding template

3. Values in <> anchor tags and ${} reflect macros.

4. Click on the pencil icon to edit the template.

5. We may treat this template as an email, and edit the subject of the mail.

   By default, the email notification will be sent to the corresponding affected end-user, but selecting the toggle option for “Send notification to Reporting Manager” will also copy the mail to the Reporting manager of the affected end-user, allowing for offline followup for the notification.

6. The administrator may edit the HTML using the provided HTML editor to add/change any template button/text/background. The macros required for the particular template are already provided in the sample default notification template.

7. Click on the save button to save the notification template.