Troubleshooting Delegation to Cayosoft Web Portal

Summary: There are situations when a user logged-in to the Web Portal can't see the delegated Admin Unit or can't find an object for which he has permissions.

This article explains what may be the root cause of these issues.

Applies to: Cayosoft Administrator 5.4.2 or later.

Delegated administrator can't see Admin Unit

Issue: A user logged-in to Web Portal can't see the delegated Admin Unit.

This may happen when Automatic Sign-in (SSO) is used for users authentication and the delegation was made not directly to a user but via adding a user to the Active Directory group that already has permissions to perform certain actions in this Admin Unit.

Resolution

1. In the Cayosoft Administrator Console, navigate to Web Portal settings.

2. In User Sign-in Settings, check if you use Automatic Sign-in (SSO) as a user sign-in authentication method to Web Portal

3. In this case, the Cayosoft Administrator Service receives the current user token that was issued before a user was added to the group. In order a user can see the delegated Admin Unit in the Web Portal, they should log-off and then log-in on his computer so Cayosoft Administrator Service re-read the user token.

Delegated administrator can't find an object to add to a group

Issue: When modifying group membership, a delegated administrator can't find the object that should be added to a group. There is no such object type on the Select Object dialog.

Resolution

1. In the Cayosoft Administrator Console, navigate to Configuration > Roles > Web Administrators

2. Browse for the Delegation Rule where this delegated administrator is added as Trustee directly or via a group.

3. Browse for the Object Pickers section.

4. Check that AD Users, AD Groups, AD Contacts and AD Computers are not disabled - they must not be checked.