RBAC is a quick way to assign and approve roles and permissions in Workspace ONE Intelligence.
RBAC has pre-defined roles that you can assign to admins for access to the resources they use. Assign a single role or combine roles for those admins who require permissions to your entire environment.
One of the systems Workspace ONE Intelligence can get user data from is Workspace ONE UEM. RBAC supports adding admins from Workspace ONE UEM from both the basic users and the directory-based users.
To use your Azure AD admin groups with RBAC, you must authorize Workspace ONE Intelligence to access your public Azure AD environment using Microsoft Graph APIs.
Workspace ONE Intelligence stores minimal information from Azure like the user's first and last name, their contact email, or their affiliated groups. The integration does not include a regular sync schedule or polling operation but rather validates information when the user accesses Workspace ONE Intelligence.
Current Workspace ONE Intelligence users with access before the introduction of RBAC are assigned all roles. An admin with all roles assigned is a super admin. RBAC does not have a single role for a super admin.
To set up RBAC, configure several components in Settings > Administrators .
When you modify RBAC permissions in Workspace ONE Intelligence, the system sends an Account Role Modified email to the RBAC user. The notification lists who changed the permissions, when they changed them, and which permissions changed.