Airlock as a Service Knowledge Base
API Reference Service Status Airlock Console
airlock.com

Administrators

In Airlock SaaS, administrators are responsible for the administration and operation of the Airlock SaaS service. The first SaaS Administrator, who created the SaaS customer account by registering for SaaS, holds per default all available roles and permissions, and has access to all tenants, administrators, and end-users. They may also invite other administrators and assign the invited administrators to tenants.

Invited administrators can by default only perform tasks on end-users, such as search for and manage end-users, view end-user logs, -profiles and authentication tokens. It is possible to assign additional roles to the invited administrator, depending on their task.

This article explains how to invite, edit (including the assignment of roles and tenants) and lock/delete administrators. See below for instructions. For a detailed overview of the available roles and permissions, see SaaS roles and permissions.

Prerequisites

To invite, manage, and delete administrators, the role AMC - Manage administrators is required. This role is by default part of the SaaS Administrator role, but can also be assigned separately to any administrator.

Location in the Airlock Console

You manage administrators in the Administrators dialog of the Airlock Console. For this, go to Administration > Administrators.


Inviting a new administrator

To invite a new administrator, click the Invite administrator button in the Administrators dialog. Fill the fields of the appearing window with the details of the person you want to invite as administrator, and click Send invitation to send the invitation to the dedicated person.

Functional limitation
It is currently not possible to alter the mobile phone number of the invited administrator if you entered it incorrectly when inviting this person. In this case, first delete the invited administrator in the Airlock Console, then send out a new invitation.

Notice
There is a limit of 50 administrators per organization. If you require more Administrator accounts, please contact the Airlock Support.


Accepting an invitation

If you are invited to become an administrator of the Airlock Console, you have three days to accept. Once you have started the accept-invitation flow, you must complete it in one stretch.

Proceed as follows:

  1. Click the Accept invitation button in the invitation email.

  2. Next, you will receive an SMS code on your mobile phone.

  3. Go to the login page of the Airlock Console, and enter the SMS code in the login screen. This is to confirm your mobile phone number.

  4. Next, choose a secure password.

  5. To enhance security, you must enable multi-factor authentication with the Airlock 2FA app. Install the Airlock 2FA app on your mobile phone and activate your Airlock 2FA account by scanning the online displayed QR code.

You have completed the accept-invitation flow and are ready to use the Airlock Console.


Modifying an administrator's tenant access

Upon inviting an administrator, you specify the tenant(s) to which the invited administrator should have access. If required, it is possible to change the tenant access of an administrator later on. This happens in the Administrators dialog of the Airlock Console.

Notice
Administrators with the following roles have by default access to all tenants within the organization: AMC - Manage tenants, Airlock SEC, SaaS Administrator. It is therefore not possible to edit their tenant access.

Proceed as follows:

  1. In the Administrators dialog, find the entry of the respective administrator in the administrator list. Select Edit tenant access from the context menu on the right-hand side of the entry.

  2. The appearing popup window lists all available tenants. Enable or disable the respective tenant's checkbox to allow or remove access, respectively.

  3. Click Save to apply your changes.


Editing the profile of an administrator

Editing an administrator's profile includes modifying their name or email address as well as assigning or removing roles. These actions are performed in the Airlock Console's own Adminapp, in which you can manage the details of all SaaS administrators. This Adminapp is identifyable by the black left sidebar - see also Tenant color concept. Proceed as described in the instructions below.

Editing the administrator details in the Console's Adminapp

  1. In the Administrators dialog, find the entry of the respective administrator in the list.

  2. Select Edit administrator from the context menu on the right-hand side of the entry.

The details of the administrator are displayed in the Console's Adminapp.

The Adminapp contains the following tabs:

  • Overview - This tab shows the user-, login- and lock/unlock details of the respective administrator.

  • Profile - This tab allows you to update the administrator's profile, including first and last name, user handle, email address, and assigned roles.

    • User Handle: Refers to the administrator's username used to authenticate to the Airlock Console. Note that changing the user handle does not update the display name in the Futurae/Airlock 2FA application.

      Notice
      After modifying the administrator's profile, always click Save to apply your changes.

  • Authentication Methods - This read-only tab shows the (active) authentication method used by the administrator.

  • Password - This tab shows read-only meta data on the administrator's authentication password. Clicking Send reset email will trigger a password reset flow.

  • The next read-only tabs show details on the other authentication methods available for the adminstrator, e.g., Airlock 2FA, mTAN/SMS.

  • Activities - This tab lists the latst activities of the respective administrator.

Assigning roles to or removing roles from an administrator

  1. Go to the Adminapp's Profile tab.
    ▶ In the User Profile section, the Active Roles list to the right shows all roles currently assigned to the respective administrator, the Available roles list to the left those roles that are still available for the administrator.

    1. To assign an additional role to the administrator, click the relevant role in the Available roles list to the left, then click the >> icon. The role is added to the Active Roles list to the right.
      Repeat this step for all roles you want to assign to the administrator.

    2. To remove a role from the administrator, click the relevant role in the Active Roles list to the right, then click the << icon. The role is added to the Available Roles list to the left.
      Repeat this step for all roles you want to remove from the administrator.

  2. Click Save to apply your changes.


Locking or unlocking an administrator

An administrator may get locked out of the application due to various security reasons. It is possible to control the lock state of an administrator and amend it.

  1. Go to the Adminapp's Overview tab.

  2. Modify the administrator's locking situation in the User Locking section on the lower right-hand side of the tab.


Deleting an administrator

  1. To delete an administrator from your SaaS organization, go to the Adminapp's Profile tab.

  2. Click the red Delete button in the lower left corner of the tab.
    ▶ A popup window opens.

  3. Confirm the deletion in the popup window.

Deleting administrators ends their session in the Airlock Console immediately.
Note that any sessions already established in other browser tabs (e.g., in a tenant IAM Adminapp or in the Adminapp used to manage other users) are not revoked and may remain active until they expire or the user logs out.