User Roles

Use roles to organize your application users and their permissions. Each user role maps a title to a set of permissions that you define within each application. Roles are application-specific and must be unique within an application. However, you can reuse a user role name in another application.

Once you save a user role in SOTI Identity, it is automatically added to the associated application where you can define its permissions. You can assign roles to individual users or to entire user groups at once. You can even assign multiple roles to the same user. However, if the permissions of those roles conflict, the application user may experience unexpected behavior. In the event of multiple role assignments, the most restrictive role takes precedence. For example, if you grant both an Admin role and a Viewer role to a user, the user will only have access to the privileges of the more restrictive Viewer role.
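The multi-role rule above can be checked before roles are assigned. The following Python audit is an added example, not SOTI code or part of the SOTI documentation. It assumes each role's permissions can be written as a set, and it treats a role as the most restrictive when its permissions are a subset of every other role assigned to that user. The application, role and permission names are constructed for illustration.

```python
from collections import defaultdict

# Constructed permission sets per (application, role); not SOTI's real names.
# Roles are application-specific, so the key includes the application.
ROLE_PERMISSIONS = {
    ("ExampleApp", "Admin"): {"view_devices", "edit_devices", "manage_users"},
    ("ExampleApp", "Viewer"): {"view_devices"},
    ("ExampleApp", "EMEA"): {"view_devices", "edit_devices"},
    ("ExampleApp", "Reporting"): {"view_devices", "export_reports"},
}

# Constructed (user, application, role) assignments to review.
ASSIGNMENTS = [
    ("alice", "ExampleApp", "Admin"),
    ("alice", "ExampleApp", "Viewer"),
    ("bob", "ExampleApp", "EMEA"),
    ("bob", "ExampleApp", "Reporting"),
    ("carol", "ExampleApp", "EMEA"),
]


def audit(assignments, role_permissions):
    """Return findings for users holding more than one role in an application."""
    roles_by_user_app = defaultdict(set)
    for user, app, role in assignments:
        roles_by_user_app[(user, app)].add(role)

    findings = {}
    for (user, app), roles in sorted(roles_by_user_app.items()):
        if len(roles) < 2:
            continue  # a single role cannot conflict with itself
        perms = {r: role_permissions[(app, r)] for r in roles}
        # Assumption: a role is unambiguously "most restrictive" when its
        # permissions are a subset of every other assigned role's permissions.
        winners = sorted(r for r in roles
                         if all(perms[r] <= perms[o] for o in roles))
        if winners:
            # The broader roles grant nothing beyond the winning role.
            findings[(user, app)] = ("shadowed", winners[0],
                                     sorted(roles - set(winners)))
        else:
            # No role is a subset of the others: outcome is not predictable.
            findings[(user, app)] = ("conflict", None, sorted(roles))
    return findings


if __name__ == "__main__":
    for key, finding in audit(ASSIGNMENTS, ROLE_PERMISSIONS).items():
        print(key, finding)
```

A "shadowed" finding matches the Admin plus Viewer case described above; a "conflict" finding marks assignments where neither role is clearly the more restrictive and the user may see unexpected behavior.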

You can add or edit roles at any time after you set up an application. Your changes take effect for users assigned to that user role the next time they log in to the application.

Note:
  • In SOTI Connect, SOTI Snap, and SOTI MobiControl, roles are defined in the applicable application, not SOTI Identity.
  • SOTI XSight only supports a single role.
Note: SOTI Identity itself has two default user roles: application user and account administrator.

An application user can log in to the SOTI ONE portal or directly in to any SOTI ONE applications assigned to them.

Account administrators have the same capabilities as application users, and they can also modify all SOTI Identity account settings, including adding, editing, or deleting users, applications, and LDAP or IdP connections. Only grant this role when you want the user to have administrator-level access to the SOTI Identity console.

You cannot add new user roles to SOTI Identity, and you cannot edit or delete the default user roles.

Example User Role Structures

Create user roles based on region
  • Americas
  • EMEA (Europe, the Middle East and Africa)
  • APAC (Asia-Pacific)

Then, in the application, define permissions based on the needs of users assigned those user roles.

For example, in a SOTI MobiControl application, you can specify that users assigned the EMEA user role should only have permissions related to devices deployed in the EMEA region, rather than globally.

Create user roles based on job function
  • Administrator
  • App Developer
  • Tester

Then, in the application, define permissions based on the needs of users assigned those user roles.

For example, in a SOTI Snap application, you can limit the Tester user role to low-level, view-only permissions so that users with that role cannot perform any administrative-type tasks.