Understand Administrator Roles

In the following topic, you learn about Oracle Identity Cloud Service administrator roles and the privileges associated with each role.

In your organization, you might want administrators to have different rights of access to various tasks and resources in Oracle Identity Cloud Service. For example, the identity domain administrator has superuser privileges for an Oracle Identity Cloud Service identity domain. This administrator may want to delegate some of their responsibilities to other users to carry out the tasks associated with these responsibilities, such as managing system configuration and security settings, applications, users, groups, group memberships, and so on. To do this, the administrator assigns these users to other Oracle Identity Cloud Service administrator roles. Users who are assigned to these roles will be able to perform specific tasks that are associated with the roles.

The following table lists the Oracle Identity Cloud Service administrator roles that you can assign to users and describes the privileges for each administrator role. See Add or Remove a User Account from an Administrator Role.

Administrator Role Privileges
Identity domain administrator

Has superuser privileges for an identity domain in Oracle Identity Cloud Service

Identity domain administrators can:

  • Manage users, groups, applications, system configuration, and security settings

  • Perform delegated administration by assigning users to different administrative roles

  • Enable and disable Multi-Factor Authentication (MFA), configure MFA settings, and configure authentication factors

  • Create self-registration profiles to manage different sets of users, approval policies, and applications

Security administrator

Manage Oracle Identity Cloud Service system configuration and security settings for an identity domain in Oracle Identity Cloud Service.

Security administrators can customize the interface, default settings, notifications, and the password policy, configure Multi-Factor Authentication (MFA), and manage the Microsoft Active Directory (AD) Bridge, Provisioning Bridge, identity providers, and trusted partner certificates.

Application administrator Manage Oracle Identity Cloud Service applications. Application administrators can create, update, activate, deactivate, and delete applications. Application administrators can also grant and revoke access to applications for groups and users.
User administrator Manage users, groups, and group memberships for an identity domain in Oracle Identity Cloud Service.
User manager Manage all users or users of selected groups in Oracle Identity Cloud Service. User managers can update, activate, deactivate, remove, and unlock user accounts. User managers can also reset passwords, reset authentication factors, and generate bypass codes for user accounts.
Audit administrator Run reports for an identity domain in Oracle Identity Cloud Service.
User

Perform self-service capabilities in Oracle Identity Cloud Service.

Users can update their profiles, reset their passwords, change their email preferences, link their social accounts to Oracle Identity Cloud Service, request access to groups and applications, view their access requests, access groups and applications assigned to them, and enroll in Multi-Factor Authentication (MFA).

Note: By default, all Oracle Identity Cloud Service users are granted the User role. You can assign a user to the additional administrator roles that appear in this table.

Note:

See Typical Workflow for Using Oracle Identity Cloud Service to learn more about the tasks that users who belong to each administrator and user role can perform in Oracle Identity Cloud Service.