Delegated administration
Delegated administration enhances flexibility and control over persona management within the TrustBuilder platform. Admins can delegate persona management, allowing users to oversee and manage other users' personas within their assigned scope.
Setting up Delegated administration
There are two ways for admins to set up delegated administration:
configure a broad delegation, granting rights across all personas within a defined scope.
configure a targeted delegation, restricting rights to selected personas within the defined scope.
Broad delegation
As “Delegated Admin” is a system persona, its properties cannot be modified.
To delegate persona administration through a system persona, you should assign “Delegated Admin” persona to a user with a specific duration and scope.
In TrustBuilder Admin portal, go to Identity Management > Users.
Edit the user profile to be assigned to the persona.
Go to Personas tab > +Add Persona.
Select Delegated Admin persona and click on Next step.
Define this persona's parameters for this user:
Preferred persona: (Optional) Set as preferred.
Persona details: Define the validity period.
If left empty, the assignment becomes effective immediately upon saving the form and remains valid indefinitely.Persona scope: Add persona scope value(s).
Scopes can be any value. However, we recommend that you use values that make sense and are consistent. For example: scope values based on the location (Belgium, France, Italie, Spain), on the department (marketing, IT, sales, HR,…), on a number (scope1, scope2, scope3,…).
The scope values added here must match the scope values defined in the personas of the users to be managed.
Click on Save.
The Delegated Admin persona has been assigned to the user with a specific scope.
Based on the defined validity, the user will be able to manage users personas within the specified scope, from its Self Service Portal.
See Self-Service Portal documentation
Targeted delegation
To delegate persona administration trough delegation parameters in a persona, you should first enable and configure delegation in a persona definition and then assign this persona to a user with a specific duration and scope.
Step 1: Enable and configure delegation in persona definition
In TrustBuilder Admin portal, go to Identity Management > Persona Definitions.
Create or edit a persona definition.
In the Delegation parameters in the persona definition:
Toggle to Authorize delegation.
Select the persona(s) that can be delegated.
Click on Save.
Step 2: Assign the persona to the user
In TrustBuilder Admin portal, go to Identity Management > Users.
Edit the user profile to be assigned to the persona.
Go to Personas tab > +Add Persona.
Select the persona with delegation enabled and click on Next step.
Define this persona's parameters for this user:
Preferred Persona: (Optional) Set as preferred.
Persona details: Define the validity period.
If left empty, the assignment becomes effective immediately upon saving the form and remains valid indefinitely.Persona scope: Add persona scope value(s).
Scopes can be any value. However, we recommend that you use values that make sense and are consistent. For example: scope values based on the location (Belgium, France, Italie, Spain), on the department (marketing, IT, sales, HR,…), on a number (scope1, scope2, scope3,…).
The scope values added here must match the scope values defined in the personas of the users to be managed.
Click on Save.
Based on the defined validity, the user will be able to manage users personas within the specified scope, with the specific personas from its Self Service Portal.
See Self-Service Portal documentation
**Videos Credits:** Music: "Soso" by Daystar