An Administrator role in Workspace ONE Access can be revoked from the specific role’s Assign page. You can revoke all roles that are assigned to a user from the user’s profile page.

You can remove the group from the role, to revoke the role for all members of the group. You cannot remove a role from a specific member of the group. To remove a user from the role, you remove the user from the group.

Remove Workspace ONE Access Administrator Role from Individual Users

A super administrator or an admin with the roles administration role can remove an administrator user from a role in the Workspace ONE Access service.

To revoke the role, you edit the user's profile page in the Accounts > Users page.
Note: Administrator roles can be revoked directly from the role's Assign page.
  1. In the Workspace ONE Access console Accounts > Users page, select the user name. All the roles assigned to this user are listed in the Access Settings > Roles section.
  2. Click EDIT and deselect the check box for the roles to revoke.
  3. Click NEXT to navigate to the Summary page and then click SAVE.

    The user is removed from the role and the role is removed from the user profile.

Remove a Group from a Workspace ONE Access Admin Role

When you remove a group from a role, access is revoked for all members of the group. The Roles section of the user and the group profile pages is updated to remove the role.

Individual member of a group cannot be removed from a role. To remove a member of a group from a role, remove the user from the group.

If a user in the group was directly assigned to the role, when the group is removed from the role, the administrator role is maintained for the user.
Note: Group administrator roles can be revoked directly from the role's Assign page.
  1. In the Workspace ONE Access console Accounts > User Groups page, select the group name from the list .

    In the Group Info page, the Roles section lists all the roles assigned to this group.

  2. In the Roles section, click here.

    You are redirected to the Roles page.

  3. Select the role and click Assign.
  4. Click X next to the group name to remove the group from the role.
  5. Click Save.

Removing Groups from a Role

Group A, which includes User1, User2, and User3, is assigned to the Directory Admin role. The Group A, User1, User2, and User3 profiles are updated to reflect the Directory Admin role in their profile pages.

User2, also is directly assigned to the Directory Admin role.

You revoke access to Group A. Group A, User1, and User3 are removed from the role and the role is removed from these profile pages.

Because User2 was directly assigned to the Directory Admin role, User2 is still assigned to the Directory Admin role.