Administrator permissions

Assign administrative permissions

To assign permissions to administrators, go to the Administrators tab on the Identity and Access Management page of Citrix Cloud.

Video about assigning permissions to administrators:

Video about assigning permissions to administrators

Types of Session Recording cloud administrators

For the Session Recording service specifically, there are three types of cloud administrators, which are achieved by assigning different roles:

Type of Session Recording cloud administrator Description
Full admin Refers to a Citrix Cloud administrator assigned Full access, the Cloud Administrator, All role, or the Session Recording-FullAdmin, All role.
Privileged player admin Refers to a Citrix Cloud administrator assigned only the Session Recording-PrivilegedPlayerAdmin, All role, or assigned the Session Recording-PrivilegedPlayerAdmin, All and the Session Recording-ReadOnlyAdmin, All roles.
Read-only admin Refers to a Citrix Cloud administrator assigned only the Session Recording-ReadOnlyAdmin, All role.

Note:

The administrators that you add through Azure AD groups don’t have any permissions initially. To assign them permissions, specify custom access that aligns with the administrators’ roles in your organization.

Azure AD groups don't have any permissions initially

Add administrators from Azure AD

Administrative access to the Session Recording service is enabled for Azure Active Directory (AD) users and groups.

A general workflow to use the feature is as follows:

  1. Connect your Citrix Cloud account to your Azure AD. For more information, see Connect Citrix Cloud to Azure AD.
  2. Add administrators to Citrix Cloud from Azure AD.

    Citrix Cloud supports adding administrators either individually or as Azure AD groups.

    • To add individual administrators from Azure AD, see Add new administrators. When you add an administrator, Citrix sends them an invitation email. Before the administrator can sign in, they must accept the invitation.
    • To add Azure AD administrator groups to Citrix Cloud, see Add an administrator group to Citrix Cloud. Administrators that you add through Azure AD groups don’t receive invitations and can sign in to Citrix Cloud immediately after you add them.
  3. Specify permissions for the administrators that you add.

    For Session Recording specifically, there are three types of administrators, which are achieved by assigning different roles. For more information, see Types of Session Recording administrators.

    Note:

    • The administrators that you add through Azure AD groups don’t have any permissions initially. To assign them permissions, specify custom access that aligns with the administrators’ roles in your organization. Azure AD groups don't have any permissions initially
    • The Playback Permissions menu in the left navigation of the Session Recording service is invisible for the administrators that are added through Azure AD groups.
    • The Generate command button for cloud client installation is unavailable for the administrators that are added through Azure AD groups.

Permissions of Session Recording administrators

For the permissions of Session Recording administrators, see the following table:

Full admin Privileged player admin Read-only admin
  Access the Dashboard page Enabled Disabled Disabled
  Configure server settings Enabled Disabled Disabled
  Configure policies Enabled Disabled Disabled
  Place access restrictions on recordings Enabled Enabled Enabled
  Remove access restrictions on recordings Enabled Enabled Disabled
  Archive and delete recordings manually Enabled Enabled Disabled
  Archive and delete recordings automatically Enabled Disabled Disabled
  Configure playback permissions Enabled Disabled Disabled

For information on configuring permissions for Session Recording read-only administrators, see Configure playback permissions.

Administrator permissions