search cancel

Adding a SysAdmin to CloudSOC using Directory Sync

book

Article ID: 175824

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced

Issue/Introduction

Create an AD group and have it setup so that when a user is added to the group and Synced to CloudSOC they will be provided with SysAdmin rights. Ideally this would be done via Access Profile, but there is not a SysAdmin profile.

Resolution

This is not currently supported.

However, creating an Access Profile that has been granted all rights to the tenant will be able to mirror nearly everything a SysAdmin can do. The following will not be available to this user:

  1. See other SysAdmin users
     
  2. See History for any other user in the tenant besides their own
     
  3. Receive support announcement emails from CloudSOC

 

Note: The use of the "User Attribute" feature gives the admin the ability to auto-assign the users of a certain AD group to the access profile.

This way, the admin needs to define an access profile with the desired level of permissions, then to auto assign the users to the profile by adding them to the Active Directory Group assigned.

Here is an example:

1- Choose or Create an Active Directory Group to be used for the power admins (Let's use Administrators)

2- Create Access Profile (let's call it PowerAdmin) with the desired level of permissions.

3- Use the AD Group chosen in step one as the "User Attributes" of the Access profile defined on step 2

4- Moving forward, any synced user to Cloudsoc from AD which has the "memberOf" attribute contains the assigned AD group will be automatically assigned the define permissions.


Attachments