Administrative Privileges

Only user accounts with administrative permissions can use the Administration Web Interface to configure OneSpan Authentication Server Appliance. Administrative privileges are assigned to user accounts and therefore a separate user account is needed for each administrator. For more information about the default administrative accounts, see Default administrative users.

Administrative permissions may be assigned based on the following:

• Type of permission (e.g. read, create)
• Type of object (e.g. authenticator, policy)

The domain and organizational unit where the administrator account is located determines the administrative scope:

• If the account belongs to an organizational unit, the administrator will be able to manage user accounts and authenticator records belonging to that organizational unit.
• If the account does not belong to an organizational unit, the administrator will be able to manage all authenticator records and user accounts belonging to that domain.
• If the account belongs to the master domain, the administrator may be able to manage all authenticator records and user accounts in the database. This depends on the Access Data in All Domains privilege, which is only available to administrators in the master domain.

For more information, see OneSpan Authentication Server administrator accounts.

Copy Admin Privileges From does not copy the domain scope along with the administrative privileges. Domain scope values must be set per administrator.