You can add admin groups to assign additional roles and permissions to your admins for special projects by taking the following steps.

  1. Navigate to Accounts > Administrators > Admin Groups and select Add. Complete the applicable settings.

    Setting Description
    External Type

    Select the external type of admin group you are adding.

    • Group – Refers to the group object class on which your admin group is based. Customize this class by navigating to Groups & Settings > All Settings > System > Enterprise Integration > Directory Services > Group.
    • Organizational Unit – Refers to the organizational unit object class on which your admin group is based. Customize this object class by navigating to Groups & Settings > All Settings > System > Enterprise Integration > Directory Services > Group.
    • Custom Query – You can also create an admin group containing administrators you locate by running a custom query. Selecting this external type replaces the Search Text function but displays the Custom Query section.

    Directory Name

    Read-only setting displaying the address of your directory services server.

    Domain and Group Base DN

    This information automatically populates based on the directory services server information you enter on the Directory Services page (Accounts > User Groups > Settings > Directory Services).

    Select the Fetch DN plus sign (+) next to the Group Base DN setting, which displays a list of Base Domain Names from which you can select.

    Search Text

    Enter the search criteria to identify the name of an admin group in your directory and select Search to search for it. If a directory group contains your search text, a list of group names displays.

    You can also apply default roles to the admin group you are creating. After a successful search, select the Roles tab and then select the Add button to add a new role, or edit an existing role by changing the Organization Group and Role selection.

    This setting is available only when Group or Organizational Unit is selected as the External Type.

    Custom Object Class

    Identifies the object class under which your query runs. The default object class is 'person' but you can supply a custom object class to identify your admins with greater success and accuracy.

    This setting is available only when Custom Query is selected as External Type.

    Custom Base DN

    Identifies the base distinguished name which serves as the starting point of your query. The default is 'airwatch' and 'sso' but you can supply a custom base distinguished name if you want to run the query from a different starting point.

    This setting is available only when Custom Query is selected as External Type.

    Group Name

    Select a Group Name from your Search Text results list. Selecting a group name automatically alters the value in the Distinguished Name setting.

    This setting is available only after you have completed a successful search with the Search Text setting.

    Distinguished Name

    Read-only setting that displays the full distinguished name of the admin group you are creating.

    This setting is available only after you have completed a successful search with the Search Text setting.

    Rank

    Read-only setting that displays the rank of the admin group once it is created. You can change an admin group's rank by navigating to Groups & Settings > Groups > Admin Groups and moving its relative position using the More action button to the right of the admin group listing.

    Auto Sync

    This option enables the directory sync, which detects user membership from the directory server and stores it in a temporary table. An administrator approves all changes to the console unless the Auto Merge option is enabled.

    Auto Merge

    Enable this option to apply sync changes automatically from the database without administrative approval.

    Maximum Allowable Changes

    Use this setting to set a threshold for the number of automatic admin group sync changes that are allowed to occur before approval must be given.

    This option is available only when Auto Merge is enabled.

    Add Group Members Automatically

    Enable this option to add administrators automatically to the admin group.

    Time Zone

    Enter the time zone associated with the admin group. This required setting impacts when the scheduled, automated Active Directory sync runs.

    Locale

    Select the localization setting (language) associated with the admin group. This setting is required.

    Initial Landing Page

    Enter the initial landing page for administrators in the admin group. The default setting for this required setting is the Device Dashboard but you can set it to any page of your choice.

    Custom Query

    Query

    This setting displays the currently loaded query that runs when you select the Test Query button and when you select the Continue button. Changes you make to the Custom Logic option or the Custom Object Class setting are reflected here.

    Custom Logic

    Add your custom query logic here, such as an admin name. For example, "cn=jsmith". You can include as much or as little of the distinguished name as you like. The Test Query button allows you to see if the syntax of your query results in a successful search before selecting the Continue button.

    For more information on Distinguished Name, search for Microsoft's TechNet article entitled "Object Naming" at https://technet.microsoft.com.

  2. Select Save.
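
The following added example (not the console's own code) models how the Auto Sync, Auto Merge and Maximum Allowable Changes settings from step 1 interact when directory membership changes. The class, function and account names are hypothetical, the data is constructed, and the rule that a run exceeding the threshold falls back to approval is an assumption drawn from the setting descriptions.

```python
"""Added illustration, not console code: models the Auto Sync, Auto Merge and
Maximum Allowable Changes settings. Names and threshold rule are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SyncSettings:
    auto_sync: bool
    auto_merge: bool
    max_allowable_changes: int = 0  # consulted only when auto_merge is on


def pending_changes(directory_members, console_members):
    """Diff the directory group against the admins the console already has."""
    directory, console = set(directory_members), set(console_members)
    return sorted(directory - console), sorted(console - directory)


def sync_decision(settings, directory_members, console_members):
    """Return (action, adds, removes) for one sync run.

    action: 'skipped' (Auto Sync off), 'no_change', 'applied' (merged without
    approval) or 'needs_approval' (held for an administrator).
    """
    if not settings.auto_sync:
        return "skipped", [], []
    adds, removes = pending_changes(directory_members, console_members)
    total = len(adds) + len(removes)
    if total == 0:
        return "no_change", adds, removes
    # Assumption: a run with more changes than the threshold is not merged
    # automatically and waits for approval instead.
    if settings.auto_merge and total <= settings.max_allowable_changes:
        return "applied", adds, removes
    return "needs_approval", adds, removes


# Constructed sample data: current console admins and two directory snapshots.
CONSOLE = ["asmith", "bjones", "cwu"]
ROUTINE = ["asmith", "bjones", "cwu", "dlee"]                  # one new admin
BULK = ["asmith"] + [f"contractor{i:02d}" for i in range(1, 13)]  # mass change

if __name__ == "__main__":
    guarded = SyncSettings(auto_sync=True, auto_merge=True, max_allowable_changes=5)
    for label, snapshot in (("routine", ROUTINE), ("bulk", BULK)):
        action, adds, removes = sync_decision(guarded, snapshot, CONSOLE)
        print(f"{label}: {action} (+{len(adds)} / -{len(removes)})")
```

With the threshold at 5, the single added admin merges on its own while the 14-change snapshot is held for approval, so a bulk directory edit cannot change who holds admin roles without review.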