Hub Services uses role-based access control (RBAC) to manage administrator's access to the services in the Hub Service console.

Five predefined administrator roles can be assigned to Workspace ONE Access user groups in the Hub Services console Admin Roles page.

  • Super Admin. The super admin role can access and manage all features and functions in the Hub Service console. Only super admins can assign and manage roles. The first super admin in Hub Services is the Workspace ONE Access super admin.
  • Auditor. The auditor role has read-only permissions to view all pages in the Hub Service console.
  • Notification Admin. The notification admin role can create and send notifications, manage the notification list on the Notifications List tab, and edit the Notifications Global Settings page.
  • Notification Creator. The notification creator role can create and send notifications from the Notifications List tab. The notifications creator has read-only access to view the Global Settings page.
  • Notification Auditor. The notification auditor role has read-only permissions to view the Notifications List tab and Notifications Global Settings page.

As a super admin, you can assign user groups which you created in the Workspace ONE Access console, to Hub Services admin roles. The members of the user group become administrators for that particular role. You can assign the same group to multiple roles, or assign different group to each role.

When a group is assigned to more than one role, the behavior of the roles applied is additive. For example, if the user group is assigned two roles, one is Auditor with read-only permission in the Hub Services console and the second role is Notification Admin, the group can view all the Hub Services console pages, and in the Notifications pages, can create, send, and manage notifications.

By default, admins that are granted the Notification Admin or Notification Creator role can manage and send notifications to any groups in your organization. When you add groups to a notification role, you can specify a specific target audience that the admins can send notifications to. When you select a specific target audience, you can ensure that admins are sending notifications to only that target audience. You can assign target groups from Organization groups, Smart groups, Workspace ONE Access User groups, and platforms.

You can see the list of the current admins groups and their roles, change a role, and remove roles from the Hub Services Admin Roles page.

Hub Services console Admin Roles page

Users that are assigned Hub Services admin roles access the Hub Services console directly from their Workspace ONE Intelligent Hub web portal. Users click on the user name in the Web portal and select the Manage Hub Experience link.

Accessing Hub Service console from web portal

Hub Services Super Admin Role

The first super admin in the Hub Services console is the Workspace ONE Access super administrator. To add other super admin users, the Workspace ONE Access super admin assigns a Workspace ONE Access user group to the Hub Services super admin role. Members of the group can access and manage all features and functions in the Hub Services console, including adding groups to the other Hub Services roles. Members of the Hub Services super admin group do not have permissions to access the Workspace ONE Access console.

Workspace ONE Access admin users who are not super admins in Workspace ONE Access are designated as Auditor admins in the Hub Service console. In this role, they are granted read-only access to tabs, the notification list, and all notifications sent to any target audience.