Delegate application management

To delegate the management of specific applications to other Users or Roles, you can enable the Manage permission in the CyberArk Identity Admin Portal Application Permissions page. You must be a member of the System Administrator role or a role that has the Application Management Administrative Right to assign the Manage permission to other users or roles. Once configured, the delegated application administrator can modify application settings and request and approve access to applications.

To allow delegated application administrators to also enable permissions for other Users or Roles, select the Grant permission for the delegated application administrator. See Grant for a description of the Grant permission.

Limited the Admin Portal access is given to delegated application administrators with only the Manage permission. For instance, the following Application page functions are not available:

  • Add Web App

  • Application permissions (you can also select the Grant permission to enable delegated application administrators to set limited application permissions for other users)

  • Add Sets

    The following pages are not available to delegated application administrators that only have the Manage permission enabled: Dashboards, Core Services, Endpoints, Downloads, and Settings.

To add a delegated application administrator

  1. In the Admin Portal, go to Apps > Web Apps or Mobile Apps to display a list of available applications.

  2. Select the application, then click Permissions.

  3. Click Add to search for and select the Users, Groups, or Roles to which you want to grant the Manage permission, then click Add.

  4. Select the Manage permission (the View permission is also selected) for each User, Group, or Role you add as a delegated application administrator.

    Also selecting the Grant permission allows delegated application administrators to set application permissions for other users.
  5. Click Save.