Summary: There are situations when a user logged-in to Cayosoft Web Portal can't see the delegated Admin Unit or can't find an object for which he has permissions.
This article explains what may be the root cause of these issues.
Applies to: Cayosoft Administrator 5.4.2 or later
Delegated administrator can't see Admin Unit
Issue: A user logged-in to Cayosoft Web Portal can't see the delegated Admin Unit.
This may happen when Automatic Sign-in (SSO) is used for users authentication and the delegation was made not directly to a user but via adding a user to the Active Directory group that already has permissions to perform certain actions in this Admin Unit.
- In Administrator Console navigate to Web Portal settings.
- In User Sign-in Settings check if you use Automatic Sign-in (SSO) as a user sign-in authentication method to Cayosoft Web Portal.
In this case, Cayosoft Administrator Service receives the current user token that was issued before a user was added to the group. In order a user can see the delegated Admin Unit in Cayosoft Web Portal, he should log-off and then log-in on his computer so Cayosoft Administrator Service re-read the user token.
Delegated administrator can't find an object to add to a group
Issue: When modifying group membership, a delegated administrator can't find the object that should be added to a group. There is no such object type on Select Object dialog.
- In Administrator Console navigate to Home > Configuration > Roles > Web Administrators
- Browse for Delegation Rule where this delegated administrator is added as Trustee directly or via a group.
- Browse for Object Pickers section.
- Check that AD Users, AD Groups, AD Contacts and AD Computers are not disabled - they must not be checked.