Users and Roles
Managed Service Providers and larger enterprises are encouraged to use the multi-tenancy in Action1 – create several organizations within your Action1 account and organize managed endpoints around them. To share access to organizations’ data and settings with your co-workers, Action1 enables you to invite users and assign roles.
By default, the user who creates the first organization becomes both the Organization admin and Enterprise admin. Unless there are multiple organizations, the chief administration role is displayed just as “Admin”.
Action1 comes with preset roles and each role provides rights to a limited scope of Action1 functionality. It enables you to grant access to data specifically needed by the user’s position and establish a “least privilege” model, i.e., limit user rights exclusively to their tasks.
- Viewer – Organization: the least elevated role. Recommended for users who need read-only access to data such as security officers, consultants, or internal auditors.
- Manager – Organization: a limited administration role. Recommended for helpdesk personnel and organization operators.
- Organization admin – Organization: this role gives unlimited access to data and configuration settings within an organization. Recommended for system administrators.
- Enterprise admin – Entire enterprise (My enterprise): the tenant-wide administration role. This is the most powerful role.
Viewer – Organization
Manager – Organization
Organization admin – Organization
(only org name and roles)
Enterpise admin – Entire enterprise (My enterprise)
- Navigate to the Users page – it lists users across all organizations who have access to the Action1 account.
- Select + Invite to add a new user.
- In a window that opens, select the identity provider to use (Action1 or Entra ID), provide the user’s name, their email address, and a temporary password. Finally, link a user either to a specific organization or to the entire enterprise (My enterprise) and assign a role. Update the session duration if necessary. The user will get an email invitation to join Action1.
To remove or change user assignments, select actions next to a user and pick an action. Note that you have to revoke all user roles before deleting a user.
To enable SSO and switch to using Entra ID (former Azure AD) as an identity provider, see SSO Authentication.
Assigning and Managing Roles
- Navigate to the Organizations page to review available organizations and role assignments. To learn more about organizations and how to switch among them, see Multi-Tenancy for MSPs and Enterprises.
- Select an organization from the list. To see tenant-wide assignments, select My Enterprise [Entire Enterprise]. Note that you must have appropriate permissions to manage user assignments (enterprise or organization admin role depending on the settings you want to change).
- Review users and their roles. On top of that, Action1 displays the API credentials that were configured for the organization or enterprise.
- To add a new user assignment, select Add Users. Then, select a user from the list and pick a role. Make sure to invite a user first on the Users page.
- To modify or revoke roles, select actions next to a user name and pick an option such as Remove role and Make manager.