A VMware Identity Manager super administrator or a role that includes the role administrator service and the users and groups service can assign a role to users and groups to elevate them to administrators of that role.
Prerequisites
- Before adding an identity manager administrator role to a user who is synced from the Workspace ONE UEM directory, make sure that the user profile is configured with an Admin User Promote account in the Workspace ONE UEM console.
When users with the Admin User Promote account sync to VMware Identity Manager, they are recognized as administrators and can be assigned a role in VMware Identity Manager. If an admin is not in this account in the UEM console, when the Workspace ONE UEM directory syncs with the VMware Identity Manager directory, the admin role is removed from the user profile.