Authored by Vandana Kukreja, co-authored by Sravanthi Teddu.
IBM Security MaaS360 with Watson offers the capability for multiple administrators to manage a single account, however there needs to be a master administrator with a service administrator role in order to manage all other admins.
There may be situations where some of the admins managing an account needs to have their access suspended temporarily or permanently. Here are two possible scenarios:
1) An admin is moved out of organisation.
2)An admin has switched roles but remains in the same organisation.
To manage the above scenarios, a portal administrator management in a UEM is one of the critical feature sets, that demands highest amounts of account security and customer data privacy.
In this blog, I’m going to explain how customers can easily manage different administrators in MaaS360 by enabling and disabling them with the help of the master admins with Service Administrator role.
Here are the actions available:
Temporary suspension of admin account
There are scenarios when the admin account needs to be suspended temporarily for a small period of time. Some typical examples include:
1) An employee is on sabbatical leave
2) An employee is switching to a different role for a short duration of time.
For these kind of scenarios MaaS360 admin management has a feature which can be used to serve the purpose. This feature is Deactivate admin
- Login to MaaS360 Portal and navigate to Settings -> Administrators -> Remove action
- Administrator workflow page shows the list of admins in the account and actions that can be applied on them. Remove action is one of those to disable account.
- Remember to choose the Deactivate option from the radio button available in Remove action prompt.
On clicking “Deactivate”, a Security Check prompt appears for logged in admin authentication to confirm the action. On successful authentication the deactivate action will be performed and a success message would appear at the top of the screen. The deactivated admin won’t be able to access the portal from this point.
All the deactivated admins will still be visible in Administrators table with Inactive filter on Status column.
Here is the video for steps walkthrough for Deactivate action.
Re-enable temporary suspended admin account
It’s quick and easy to re-enable a suspended account when the admin owner is set to come back to the portal. The master admin should follow the below steps:
- Login to MaaS360 Portal and navigate to Settings -> Administrators -> Reactivate action
- Administrator workflow shows the list of all admins.
- Find the admin on which you want to perform the action and Click on Reactivate
- If you do not find the admin you want to re-enable, check the status filter of the grid. It should have “All” or “Inactive” selected to show the de-activated admins.
This action needs authentication in the Security Check screen from the admin performing this action. After successful authentication, the action is complete, and the success message will display at the top of the screen.
The reactivated admin will receive a new temporary password in an email address, which can be accessed through the portal again.
Here is the video that outlines the steps for Reactivate action
Permanent suspension of admin account
To delete an admin account permanently, when an employee leaves the organisation or moves to different role, the MaaS360 portal provides the Delete admin action.
Delete Admin works as follows:
- Login to MaaS360 Portal and Navigate to Settings ->Administrators-> Remove action
- Administrator workflow shows the list of all admins.
- Find the admin on which you want to perform this action.
- If the admin is active, click on Remove action
- Remember to choose Delete option from the radio button available in Remove action prompt.
- If the admin is inactive, click on Delete action
Here is the video that will walk you through the steps for Delete action
As part of the process, the following data is cleaned up and MaaS360 will not retain this data in compliance with GDPR.
- Permanent clean-up of admin PII information
- First and Last name
- Contact email
- Phone number
- Contact address
- Admins personalised UI preferences will be deleted.
- Any email reports subscriptions by this admin for the managed account gets cancelled.
- The deleted administrator will not be listed in the administrators table.
For the account security, audit of action performed by the admin is retained even after the admin is deleted. The action history will remain unaffected in the respective workflows.
Here we end the steps to simple actions to manage the admin access to the portal. We hope you find this blog article helpful.
MaaS360 has been in the Gartner leadership quadrant for 9+ years. IBM strives to ensure that the admins and end users have a world class experience as part of managing and using their mobile and laptop devices. Please feel free to reach out to us if you have any questions. We are happy to answer your questions.