When attempting to configure, view, or modify SCIM synchronization under the Global Management section in the Symantec Enterprise Console, the page fails to load and displays the following error browser message:

403! You are not authorized to access this page. Please contact your system administrator and try again.

This issue occurs when the authenticated administrator account lacks the global tenant-level privileges required to manage identity provider settings.

The Symantec Enterprise Console enforces a strict administrative role hierarchy for the SCIM Configurations page:

• Account Settings Manager: Authorized to create, modify, and map SCIM configurations across environments.

• Product Super Admin: Authorized only to map existing configurations to product environments.

• Product Admin (e.g., Cloud SWG Enterprise Administrator, Agent Administrator): Not authorized to access the SCIM page, which triggers the 403 Forbidden error.

Step-by-Step Instructions:

1. Log into the Enterprise Console with an account that has Account Management privileges.

2. In the left-hand navigation menu, expand Global Management and select Administrators.

3. In the administrators table, locate the affected user profile.

4. Click the three-dot menu (...) located on the far right of the user's row and click Edit.

5. In the admin profile configuration window, locate the Manage Account Settings toggle switch.

6. Toggle the Manage Account Settings switch to ON (this grants the mandatory Account Settings Manager role).

7. Click Save to apply the changes.

Note: Once permissions are updated, the affected user must log out of the Enterprise Console entirely, clear their browser cache (or open a new Incognito/Private window), and log back in for the changes to take effect.