Workspace ONE Access uses role-based access control to manage delegation of roles. You assign the Super Admin, Directory Admin and ReadOnly roles to Active Directory groups to manage access to the clustered Workspace ONE Access instance.

You assign the following administrator roles to the corresponding user groups.

Workspace ONE Access Role

Example Active Directory Group Name

Super Admin

wsa-admins

Directory Admin

wsa-directory-admin

ReadOnly Admin

wsa-read-only

Procedure

  1. In a web browser, log in to the clustered Workspace ONE Access instance by using the administration interface to the System Domain with configadmin user (https://<wsa_cluster_fqdn>/admin).
  2. On the main navigation bar, click Roles.
  3. Assign Workspace ONE Access roles to Active Directory groups.
    1. Select the Super Admin role and click Assign.
    2. In the Users / User Groups search box, enter the name of the Active Directory group you want to assign the role to, select the group, and click Save.
    3. Repeat this step to configure the Directory Admin and the ReadOnly Admin roles.