Administrators
Published 07 October 2024
Administrators are users that can perform additional actions that regular users cannot.
Administrators are different from regular users in the following ways:
- They can see and edit all images and clones, regardless of ownership.
- They can manage connections.
How to set administrators
Administrators are identified by TDM via a custom claim called rgtdm_admin via your configured Identity Provider (e.g. Azure). rgtdm_admin must be a boolean with value true if the user is an admin and false if not. This is most easily assigned and set via user roles.
Instructions for Azure
An example of how to set up this claim and assign it has been outlined below for Azure.
Adding custom claims
1. In the Azure portal, navigate to the "App Registrations" section.
2. Select the app that needs the custom claim added.
3. From the 'Overview' tab, select the 'Managed application in local directory' link under the 'Essentials' section.
4. Navigate to the 'Single Sign-on' section under the 'Manage' section.
5. Under the 'Attributes & Claims', click the 'Edit' button.
6. Click the 'Add new claim' button.
7. Provide the name rgtdm_admin for the claim. Select the 'Source' as 'Attribute' and provide the 'Source attribute' value user.assignedroles.
Adding custom roles
1. In the Azure portal, navigate to the "App Registrations" section.
2. Select the app that needs the custom role added.
3. Navigate to the 'App roles' section under the 'Manage' section.
4. Click the 'Create app role' button and create a new role. Assign the desired rgtdm_admin value the role should have (e.g. Admin = true, User = false).
5. Provide a brief description of the role.
6. Enable the app role and save the changes.
Assigning roles to users
1. In the Azure portal, navigate to the "App Registrations" section.
2. Select the app that needs the custom claim added.
3. From the 'Overview' tab, select the 'Managed application in local directory' link under the 'Essentials' section.
4. Navigate to the 'Users and groups' section under the 'Manage' section.
5. Click the 'Add user/group' button.
6. Select the Users or Groups that need to be assigned the role. Select the role that needs to be assigned.
7. To edit an existing user's role, select the user and click the 'Edit assignment' button. Change to the desired role and click 'Assign'.
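To check the result of the steps above, a token issued by your Identity Provider can be inspected for the rgtdm_admin claim and its type. The Python below is an added example, not part of TDM or this documentation; it decodes the payload without verifying the signature (diagnostic use only), the sample tokens are constructed, and flagging any non-boolean value as a misconfiguration is an assumption based on the requirement above that rgtdm_admin must be a boolean.

```python
import base64
import json

CLAIM = "rgtdm_admin"  # claim name from this page


def decode_payload(token: str) -> dict:
    """Return the JWT payload as a dict. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore stripped base64url padding
    payload = json.loads(base64.urlsafe_b64decode(seg))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def check_admin_claim(payload: dict) -> str:
    """Classify the claim: 'admin', 'user', 'missing' or 'wrong-type:<type>'."""
    if CLAIM not in payload:
        return "missing"
    value = payload[CLAIM]
    if value is True:
        return "admin"
    if value is False:
        return "user"
    # Strings such as "true" or arrays such as ["true"] are not booleans.
    return f"wrong-type:{type(value).__name__}"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real token)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.sig"


if __name__ == "__main__":
    samples = [{"sub": "alice", CLAIM: True}, {"sub": "bob", CLAIM: False},
               {"sub": "carol", CLAIM: "true"}, {"sub": "erin"}]
    for claims in samples:
        token = make_sample_token(claims)
        print(claims["sub"], check_admin_claim(decode_payload(token)))
```

A result of missing or wrong-type for a user who should be an administrator points back to the claim or role configuration rather than to the user assignment.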