Manage Identity and Access Through Common Services

• Learn all About Identity and Access and how it enables you to manage service accounts and users, and to control their access to apps and resources at a certain level of your tenant hierarchy.
• Add Access for users or service accounts. You can grant user or service account access to multiple tenants at various levels of your tenant hierarchy. Any user access added to a tenant is also automatically added to all of that tenant's children.
• Remove Access from the platform, as well as from the tenants that you created.
• Learn About Roles and Permissions. In the Identity and Access role-based access control (RBAC), roles work as a union. If you assign a role to a user for a specific app and another role for All Apps & Services, the user will get the union of both permissions.
• While adding user access, you also Assign a Role to grant privileges. Assigning a role to a service account is optional.
• After adding user access and roles, you can assign additional roles, either individually or Assign a Batch of Predefined Roles.
• If you require more granular access control than the predefined roles provide, you can Add a Custom Role to define which permissions are enforced for your users.
• If you add a custom role or you create one by cloning, and you need to make changes to it, you can Modify a Custom Role.
• If you require more granular access control than the predefined roles provide, you can add a role from scratch or you can create one by Cloning a Role.
• For API usage, you can Add a Service Account to the platform as well as to the tenants you have created. A service account is not tied to a specific user.
• After you add a service account, you can Update a Service Account to make changes.
• Remove a Service Account that is no longer needed.
• Third Party Identity Provider Integration Guidelines for integrating with a third party identity provider (IDP) to allow access to the platform, rather than adding users directly to the platform itself.