Read-only access for admins to SaaS and Web apps
Organizations usually comprise multiple administrators and admins must be provided with different levels of access privileges. Security admin teams using the Secure Private Access service can provide granular controls, such as read-only access to admins. Administrators who do not add or modify an app can be provided with read-only access to view the app details. Secure Private Access service admins with read-only access cannot perform the following tasks.
- Add Enterprise Web or SaaS apps.
- Add new Connector Appliances in existing or new resource locations.
How to provide read only access to admins
After signing in to Citrix Cloud, select Identity and Access Management from the menu. On the Identity and Access Management page, click Administrators. The console shows all the current administrators in the account.
- In Add administrators, select the identity provider from which you want to select the administrator. Sometimes, Citrix Cloud might prompt you to sign in to the identity provider first (for example, Azure Active Directory).
- If Citrix Identity is selected, enter the user’s email address and then click Invite.
- If Azure Active Directory is selected, type the name of the user you want to add and then click Invite.
- Select Custom access. The following options appear:
- Select Full Access Administrator (Technical Preview) – Provides full access.
- Read Only Administrator (Technical Preview) – Provides read-only access.
Select Read Only Administrator (Technical Preview).
- Click Send Invite.
- When you provide Read Only Administrator access to Citrix Gateway Service admins, you must also enable Library from the General Management list for those admins. Only then the View option for the apps is enabled for the admins.
- The Add a Web/SaaS App button is disabled for users with Read Only Administrator access.
- After signing in to Citrix Cloud, select Library from the menu.
Select the app that you want to view the details and click the ellipsis. Only the View option is enabled. All other options are disabled.