Overview
The WorkAnywhere admin console (cas.itopia.com) allows you to create and manage Cloud Desktop deployments. The admin portal also lets you create additional administrator accounts and assign them specific permissions.
The admin console includes several built-in roles for broad permissions on individual deployments or on your overall WorkAnywhere organization. The console also allows you to create and assign custom roles that have granular permissions to specific portions of the admin console.
This article describes the built-in roles and the custom permissions available for the WorkAnywhere admin console, and also provides step-by-step instructions on creating and assigning custom roles to administrator accounts.
NOTE: This process is only required for administrative access to the admin console. End-user accounts for Cloud Desktops are managed from the Users module in the admin console; information on managing end-user accounts is available here: Managing Users
Built-In Roles
When a new WorkAnywhere organization is created (as part of signing up for itopia WorkAnywhere), WorkAnywhere provides four built-in roles that can be used to assign high-level permissions to the organization or to one or more projects:
Organization Owner - Members of this role have full read/write access to all aspects of the WorkAnywhere organization and all deployments. Only members of this group can create custom admin roles. This is the role assigned to the user account used when signing up for itopia WorkAnywhere.
Deployment Owner - Members of this role have full read/write access to all WorkAnywhere modules for one or more deployments. Owners of a deployment can create additional administrator accounts and assign permissions on that deployment.
Deployment Editor - Members of this role have full read/write access to all WorkAnywhere modules for one or more deployments. Editors of a deployment cannot create additional administrator accounts or assign permissions on that deployment.
Deployment Viewer - Members of this role have read-only access to all WorkAnywhere modules for one or more deployments. Users with this role cannot change settings, create or delete resources, or perform any actions.
Members of the Organization Owner, Deployment Owner, or Deployment Editor role also receive a Domain Admin Active Directory account in the deployment(s) to which they have access. This user account is created the first time they perform a password reset for their corresponding AD account, as described in the Reset Admin Passwords article.
Custom Roles
If you want to assign more granular permissions to your WorkAnywhere organization or to specific deployments, you can create custom roles in the admin portal. Custom roles allow you to provide read-only or read-write access on specific modules in the WorkAnywhere admin portal, as well as to control other administrative access such as the creation of a "Domain Admin" account in the deployment's Active Directory. The full list of permissions is provided in the table below.
| Category | Permission |
| --- | --- |
| DOMAIN AND LOCAL ADMIN ACCOUNTS | Administrator account in domain and on non-domain VMs |
| DEPLOYMENT CONFIGURATION | Assign and change admin roles |
| | View Module (read-only) |
| USERS | Create / Delete Users |
| | Edit Users |
| | Enable / Disable / Unlock Users |
| | Reset Passwords |
| | View Module (read-only) |
| APPLICATIONS | Create / Edit / Delete Applications |
| | View Module (read-only) |
| COLLECTION POOLS | Create / Edit / Delete Collection Pools |
| | View Module (read-only) |
| FOLDERS / SHARES | Create / Edit / Delete Folders and Permissions |
| | Create / Edit / Delete Mapped Drives |
| | View Module (read-only) |
| SECURITY GROUPS | Create / Edit / Delete Groups |
| | View Module (read-only) |
| IMAGES | Create / Edit / Delete Images |
| | View Module (read-only) |
| SERVER UPTIME | View Module (read-only) |
| | Create / Edit / Delete Server Uptime Schedules |
| SNAPSHOTS | View Module (read-only) |
| | Create / Edit / Delete Snapshot Plans |
| VPNS | View Module (read-only) |
| | Create / Edit / Delete VPNs |
| VM INSTANCES | Create new VMs |
| | Edit VMs |
| | Delete VMs |
| | Power On/Off and Reboot VMs |
| | View Module (read-only) |
| ORGANIZATION CONFIGURATION | Create / Delete Deployments |
| | Invite admins and change admin roles |
| | Subscription and billing information |
| | View configuration (read-only) |
| TASKS | View Tasks (read-only) |
| | Marks Tasks Complete |
| CATALOG | View Catalog (read-only) |
| | Perform Discovery |
| INSIGHTS | View reports |
Creating Custom Roles
To create a custom role in WorkAnywhere:
1. Log in to the WorkAnywhere admin console (cas.itopia.com) as a member of the Organization Owner role.
2. From the top navigation bar, click on your user name. From the drop-down, select Manage Organization.
3. On the Organization Settings screen, click the Admins tab.
4. In the Admin Roles section, click Create.
5. Provide a unique Name for the role and, optionally, a description.
6. Select the checkbox next to each permission you would like to enable for the role.
7. Click Create.
Note that roles in the WorkAnywhere admin console are not deployment-specific. When you assign the role to an administrator, you will select the deployments to which the user will have the specified access.
Creating Administrators and Assigning Roles
When creating a new administrator for your WorkAnywhere organization, you must provide a unique itopia username (in email address format); you can, however, use the same email address for administrator accounts in multiple deployments. The new administrator receives an email invitation to join your organization.
To create an administrator in WorkAnywhere:
1. Log in to the WorkAnywhere admin console (cas.itopia.com) as a member of the Organization Owner role.
2. From the top navigation bar, click on your user name. From the drop-down, select Manage Organization.
3. On the Organization Settings screen, click the Admins tab.
4. In the Administrators section, click Create.
5. Provide the required information for the account: First Name, Last Name, Email Address, itopia username (this should be the same as the email address).
6. From the dropdown list, select the WorkAnywhere admin role that should be assigned to the user.
7. In the Deployments section, specify either All deployments or Select deployments and check the box next to the desired deployments. Note that any roles with organization-wide permissions will apply to the organization regardless of the deployments selected.
8. When you are finished, click Send Invite.
Considerations and Limitations
At this time, the following considerations and limitations exist for delegating administrative access in WorkAnywhere:
Users can only be assigned to a single role, and the assignment is the same for all deployments to which they are granted access. That is, a user cannot have different role assignments for different deployments.
Editing certain organization-wide settings (such as the WorkAnywhere authentication method) can only be performed by members of the Organization Owner role, and cannot be delegated to custom admin roles.
If you delete a custom role that is currently assigned to users, those users will lose access to the WorkAnywhere admin console. To restore their access, you must assign them to a new role.