Access control for SaaS administrators
A SaaS administrator is one who is employed by a subscribing customer of a service provider. The extent to which the SaaS administrator handles access control depends on the contractual relationship between the two companies. This topic describes two different scenarios for SaaS administrators. In both scenarios, Calbro represents the service provider company and Acme represents its SaaS subscriber.
Access control maintained by service provider administrator
In this scenario, Calbro maintains the users and user groups for Acme. Access to features and objects is controlled by authorization profiles in the * tenant.
Acme's tenant administrator can view Acme's users and user groups from User Accounts in the TrueSight console. However to edit or delete the users and user groups, the Acme administrator must approach the Remedy Single Sign-On administrator at Calbro and request the changes.
Because * tenant authorization profiles apply across all tenants, the authorization profiles maintained by the service provider are also available for use by Acme.
Access control shared by SaaS and service provider administrators
In this scenario, Calbro creates a new tenant in Remedy Single Sign-On. If Acme uses LDAP, then Calbro's administrator configures the LDAP integration for Acme in Remedy Single Sign-On. Acme's administrator maintains the LDAP server for Acme users.
Because Acme's administrator is a member of the BmcTenantAdmin group, he can access Administration menu options and create roles and authorization profiles for his users. These authorization profiles are not accessible by any users or administrators in other tenants.