Assign administrative permissions
To assign permissions to administrators, go to the Administrators tab on the Identity and Access Management page of Citrix Cloud.
Video about assigning permissions to administrators:
Types of Session Recording administrators
For Session Recording specifically, there are three types of administrators, which are achieved by assigning different roles:
|Type of Session Recording administrator||Description|
|Full admin||Citrix Cloud administrators assigned any of the following permissions:|
|- Full access|
|- Cloud Administrator, All role|
|- Session Recording-FullAdmin, All role|
|Privileged player admin||Citrix Cloud administrator assigned:|
|- only the Session Recording-PrivilegedPlayerAdmin, All role or|
|- the Session Recording-PrivilegedPlayerAdmin, All and Session Recording-ReadOnlyAdmin, All roles|
|Read-only admin||Citrix Cloud administrator assigned only the Session Recording-ReadOnlyAdmin, All role|
The administrators that you add through Azure AD groups don’t have any permissions initially. To assign them permissions, specify custom access that aligns with the administrators’ roles in your organization.
Add administrators from Azure AD
Administrative access to the Session Recording service is enabled for Azure Active Directory (AD) users and groups.
A general workflow to use the feature is as follows:
- Connect your Citrix Cloud account to your Azure AD. For more information, see Connect Citrix Cloud to Azure AD.
Add administrators to Citrix Cloud from Azure AD.
Citrix Cloud supports adding administrators either individually or as Azure AD groups.
- To add individual administrators from Azure AD, see Add new administrators. When you add an administrator, Citrix sends them an invitation email. Before the administrator can sign in, they must accept the invitation.
- To add Azure AD administrator groups to Citrix Cloud, see Add an administrator group to Citrix Cloud. Administrators that you add through Azure AD groups don’t receive invitations and can sign in to Citrix Cloud immediately after you add them.
Specify permissions for the administrators that you add.
For Session Recording specifically, there are three types of administrators, which are achieved by assigning different roles. For more information, see Types of Session Recording administrators.
- The administrators that you add through Azure AD groups don’t have any permissions initially. To assign them permissions, specify custom access that aligns with the administrators’ roles in your organization.
- The Playback Permissions menu in the left navigation of the Session Recording service is invisible for the administrators that are added through Azure AD groups.
- The Generate command button for cloud client installation is unavailable for the administrators that are added through Azure AD groups.
Permissions of Session Recording administrators
For the permissions of Session Recording administrators, see the following table:
|Full admin||Privileged player admin||Read-only admin|
|Access the Dashboard page||Enabled||Disabled||Disabled|
|Configure server settings||Enabled||Disabled||Disabled|
|Place access restrictions on recordings||Enabled||Enabled||Enabled|
|Remove access restrictions on recordings||Enabled||Enabled||Disabled|
|Archive and delete recordings manually||Enabled||Enabled||Disabled|
|Archive and delete recordings automatically||Enabled||Disabled||Disabled|
|Configure playback permissions||Enabled||Disabled||Disabled|
For information on configuring permissions for Session Recording read-only administrators, see Configure playback permissions.