check-circle-line exclamation-circle-line close-line


RBAC is a quick way to assign and approve roles and permissions in Workspace ONE Intelligence.

Configure Admins Quickly with RBAC

RBAC has pre-defined roles that you can assign to admins for access to the resources they use. Assign a single role or combine roles for those admins who require permissions to your entire environment.

Basic and Directory Accounts in Workspace ONE UEM

One of the systems Workspace ONE Intelligence can get user data from is Workspace ONE UEM. RBAC supports adding admins from Workspace ONE UEM from both the basic users and the directory-based users.

  • Basic users are individual accounts that are not managed through an identity service. They require no enterprise infrastructure. These credentials exist only in Workspace ONE UEM and have no federated security.
  • Directory-based users are managed in an identity service and are pulled into Workspace ONE UEM. These users access resources with their directory credentials and any changes made to their accounts sync with Workspace ONE UEM.

Azure Active Directory (AD) to Use Admin Groups

To use your Azure AD admin groups with RBAC, you must authorize Workspace ONE Intelligence to access your public Azure AD environment using Microsoft Graph APIs.

Workspace ONE Intelligence stores minimal information from Azure like the user's first and last name, their contact email, or their affiliated groups. The integration does not include a regular sync schedule or polling operation but rather validates information when the user accesses Workspace ONE Intelligence.

Existing Users and RBAC Super Admins

Current Workspace ONE Intelligence users with access before the introduction of RBAC are assigned all roles. An admin with all roles assigned is a super admin. RBAC does not have a single role for a super admin.

Set Up Process

To set up RBAC, configure several components in Settings > Administrators .

  • Authorize Workspace ONE Intelligence to connect to your Azure AD system using the setup wizard.
  • Add and edit admins..

Editing RBAC Permissions

When you modify RBAC permissions in Workspace ONE Intelligence, the system sends an Account Role Modified email to the RBAC user. The notification lists who changed the permissions, when they changed them, and which permissions changed.