You are now able to apply a role to an external profile or group (a user or users that are set up on a different CloudM domain) that allows them to access your domain and carry out any action you have set against the specified role.
This feature is especially helpful where domains are managed by a third party, or where an administrator needs access over several domains (such as different brands) within the same company.
The role that you assign to an external user is specific to your domain only, and does not have any effect on the user’s permissions on their own domain or any other domains they are given access to.
To create and apply a custom role to an external profile or group:
- Sign in to CloudM Automate using an administration account that has permissions to create roles and assign them to users.
- Navigate to Settings > Roles, using the Functions column on the left hand side of the screen.
- Select Create new Role and set a Name for the role and leave the scope set to Global.
- Select Create new role.
- Make sure that the new role is selected from the Roles column, and move all of the permissions that you wish to grant the external user from the Unused Permissions column to the Assigned Permissions column, using the arrow icon.
- Select Save.
- Select the Role Assignments tab.
- Click on the Assign to field, and select External Profile to assign the role to a single user, or External Group to assign the role to a specific group of external users.
- Enter the email address of the external profile (or the external group).
- This must be the e-mail address that the user uses to sign in to their CloudM Automate domain.
Set a specific Org Unit that the role applies to.
- This means that the user can only perform the permissions that they have been given on accounts associated with the specific Org Unit (e.g. a department like Marketing, or location like UK office). Leaving the Org Unit field blank allows access to all user accounts on the domain.
- Select Add.
- The external user will now be able to see your domain address as a link when they select Administrate > Managed Domains.
- Selecting a domain address will open that domain in the same window (so the user cannot have multiple domains open at the same time), and does not require the user to sign in.
- Once on your domain, the user can perform any action that you have granted them permission to use. A message at the top of the screen will be displayed, stating that the user is logged on to the domain as an external admin.
- To navigate back to their own domain, the user simply selects the link at the top of the page.