A VMware Identity Manager super administrator or a role that includes the role administrator service and the users and groups service can assign a role to users and groups to elevate them to administrators of that role.


  • Before adding an identity manager administrator role to a user who is synced from the Workspace ONE UEM directory, make sure that the user profile is configured with an Admin User Promote account in the Workspace ONE UEM console.

    When users with the Admin User Promote account sync to VMware Identity Manager, they are recognized as administrators and can be assigned a role in VMware Identity Manager. If an admin is not in this account in the UEM console, when the Workspace ONE UEM directory syncs with the VMware Identity Manager directory, the admin role is removed from the user profile.


  1. In the VMware Identity Manager console Roles tab, select the role and click Assign.
  2. Enter a name in the search box and select the user or group.
    Only groups with fewer than 500 users in the group can be promoted to an administrator role.
  3. Click Save.
    The users or groups become administrators for the role. The user profile page is updated to show the role.