On this tab
This page describes how to create, edit, and delete roles for MSP admins.
Create a role
On the Knox MSP Portal, go to Roles.
On the top-right, click CREATE ROLE.
In the Create role screen, create a name and description for the role and assign the permissions outlined under Role permissions. If you leave any items unchecked, the respective permission is blocked for the MSP admin with this role.
Click SAVE.
Edit a role
On the Knox MSP portal, go to Roles.
Under the ROLE NAME column, click the role you want to edit. You can use the search bar to search for role names.
In the Edit role screen, you can change the role name, its description, and permissions. For more info on each of the permissions, see the Role permissions section.
Click SAVE.
Delete a role
On the Knox MSP portal, go to Roles.
Under the ROLE NAME column, click the role you want to delete. You can use the search bar to search for role names.
In the Edit role screen, click DELETE.
A Delete role confirmation dialogue appears. If this role is assigned to one or more admins, their names are displayed. The dialogue box mentions that these admins will not have any role assigned after the role deletion and will need to be assigned a new role. Click DELETE.
Role permissions
| Parent permission | Permission | Admins can... |
|---|---|---|
| Manage customer account | Add a new customer and edit customer account information, including the access level | Add new customers and edit customer account information. Access level determines whether or not the admin will be able to request a change to the customer access level from no access to full access. |
| Delink customer | Delink customers. Delinking means the customer is no longer managed by the MSP. See Delink a customer to know more about this feature. | |
| Profiles | View | View profile information. |
| Manage profiles | Copy, assign, and remove copied profiles on the Knox MSP Portal. | |
| Licenses | Manage licenses (add, edit, assign/unassign to customer, and delete) | Add, edit, delete, and assign/unassign licenses to customers. |
| MSP activity log | View MSP activity log | View the MSP activity log, which lists all activities performed by MSP admins in the Knox MSP Portal. This does not apply to the Customer activity log. MSPs can view all the information in the Customer activity log except email addresses of customer IT admins. |
| MSP administrators and roles | Invite and manage MSP administrators | Invite new admins, delete admins, and change the Role and List of customers of existing admins. Important Allowing this permission gives the MSP admin the ability to delete, edit, or change permissions for other admins. Practice caution while giving these permissions. |
| Manage MSP roles | Edit all of the role permissions as described in this section. Warning An admin with this permission can change their own role to include all permissions. | |
| MSP devices and uploads | View | View device information. |
| Manage devices (move devices to customer, manually approve device uploads) | Assign devices to customers and approve device uploads. | |
| Delete | Delete devices from the Knox MSP Portal and Reseller Portal. | |
| Reseller | View | View reseller information. |
| Manage resellers (register, edit and auto-approve uploads) | Register, edit, and auto-approve device uploads from resellers. | |
| Delete | Delete resellers from the Knox MSP Portal. | |
| Knox Manage permissions | View only | View information on the customer's Knox Manage console. Only applies when viewing a customer's Knox Manage account. Enabling view-only access to Knox Manage doesn't override management permissions in the Knox MSP Portal. |
| Full access (default) | Access and manage Knox Manage data in the customer's Knox Manage tenant. Full access to Knox Manage doesn't override MSP view permissions on the Knox MSP Portal. Warning This role setting has no impact if the customer isn't subscribed to Knox Manage. Full access permissions are granted by default. |
Currently, the Knox MSP Portal doesn’t support role-based access control for its admins when accessing customer consoles (such as Knox Mobile Enrollment and Knox Configure). MSP admins will have full permissions, but can’t create roles or manage customer admins.
This document was updated for the Knox Partner Program 23.12 UAT.
On this tab
This page describes how to create, edit, and delete roles for MSP admins.
Create a role
On the Knox MSP Portal, go to Roles.
On the top-right, click CREATE ROLE.
In the Create role screen, create a name and description for the role and assign the permissions outlined under Role permissions. If you leave any items unchecked, the respective permission is blocked for the MSP admin with this role.
Click SAVE.
Edit a role
On the Knox MSP portal, go to Roles.
Under the ROLE NAME column, click the role you want to edit. You can use the search bar to search for role names.
In the Edit role screen, you can change the role name, its description, and permissions. For more info on each of the permissions, see the Role permissions section.
Click SAVE.
Delete a role
On the Knox MSP portal, go to Roles.
Under the ROLE NAME column, click the role you want to delete. You can use the search bar to search for role names.
In the Edit role screen, click DELETE.
A Delete role confirmation dialogue appears. If this role is assigned to one or more admins, their names are displayed. The dialogue box mentions that these admins will not have any role assigned after the role deletion and will need to be assigned a new role. Click DELETE.
Role permissions
MSP Portal permissions
| Parent permission | Permission | Admins can... |
|---|---|---|
| Manage customer account | View only | Only view the Manage customer account menu on the MSP Portal. |
| Add a new customer and edit customer account information, including the access level | Add new customers and edit customer account information. Access level determines whether or not the admin will be able to request a change to the customer access level from no access to full access. | |
| Delink customer | Delink customers. Delinking means the customer is no longer managed by the MSP. See Delink a customer to know more about this feature. | |
| Profiles | View only | Only view profile information. |
| Manage profiles | Copy, assign, and remove copied profiles on the Knox MSP Portal. | |
| Licenses | View only | Only view license information. |
| Manage licenses (add, edit, assign/unassign to customer, and delete) | Add, edit, delete, and assign/unassign licenses to customers. | |
| MSP activity log | View MSP activity log | View the MSP activity log, which lists all activities performed by MSP admins in the Knox MSP Portal. This does not apply to the Customer activity log. MSPs can view all the information in the Customer activity log except email addresses of customer IT admins. |
| MSP administrators and roles | Invite and manage MSP administrators | Invite new admins, delete admins, and change the Role and List of customers of existing admins. Important Allowing this permission gives the MSP admin the ability to delete, edit, or change permissions for other admins. Practice caution while giving these permissions. |
| Manage MSP roles | Edit all of the role permissions as described in this section. Warning An admin with this permission can change their own role to include all permissions. | |
| MSP devices and uploads | View only | Only view device information. |
| Manage devices (move devices to customer, manually approve device uploads) | Assign devices to customers and approve device uploads. | |
| Delete | Delete devices from the Knox MSP Portal and Reseller Portal. | |
| Resellers | View only | Only view reseller information. |
| Manage resellers (register, edit and auto-approve uploads) | Register, edit, and auto-approve device uploads from resellers. | |
| Delete | Delete resellers from the Knox MSP Portal. |
Customer portal: shared permissions
| Parent permission | Permission | Admins can... |
|---|---|---|
| Profiles and campaigns | View only | Only view profiles and campaigns in customer portals. |
| Manage profiles and campaigns | Create and edit profiles and campaigns in customer portals. Select Delete profiles and campaigns to allow admins to delete profiles and campaigns. | |
| Devices and uploads | View only | Only view devices and uploads in customer portals. |
| Manage devices | Add and edit devices in customer portals. Select Delete devices to allow admins to delete devices. | |
| Licenses | View only | Only view licenses in customer portals. |
| Manage licenses | Add and edit licenses in customer portals. Select Delete licenses to allow admins to delete licenses. | |
| Resellers | View only | Only view resellers in customer portals. |
| Manage resellers | Add and edit resellers in customer portals. Select Delete resellers to allow admins to delete resellers. | |
| Activity log | View activity log | View the activity log on all customer portals. |
| Device users (Knox Mobile Enrollment and Knox Asset Intelligence only) | View only | Only view device users in customer portals. |
| Manage device users | Manage and edit device users in customer portals. Select Delete device users to allow admins to delete device users. | |
| Dashboard (Knox Configure and Knox E-FOTA only) | View only | Only view the Dashboard in customer portals. |
| Manage dashboard view and data collection | Modify the dashboard view and determine which data is collected. |
Customer portal: service specific permissions
| Parent permission | Permission | Admins can... |
|---|---|---|
| Knox Manage | View only | View information on the customer's Knox Manage console. Only applies when viewing a customer's Knox Manage account. Enabling view-only access to Knox Manage doesn't override management permissions in the Knox MSP Portal. |
| Full access (default) | Access and manage Knox Manage data in the customer's Knox Manage tenant. Full access to Knox Manage doesn't override MSP view permissions on the Knox MSP Portal. Warning This role setting has no impact if the customer isn't subscribed to Knox Manage. Full access permissions are granted by default. | |
| Knox Configure | View only | Only view the customer's Knox Configure console. |
| Manage library | Add to, edit, and download the customer's Knox Configure library. Select Delete library to allow admins to delete items from the customer's library. | |
| Knox E-FOTA | View only | Only view the customer's Knox E-FOTA console. |
| Manage EMM groups | Connect, reconnect, disconnect, and manage EMM groups. | |
| Service and Preferences | Manage default support information and Manage Privacy policy settings. | |
| Knox Asset Intelligence | Manage reporting settings | Manage Knox Asset Intelligence reporting settings from the customer's portal. |
Is this page helpful?
Thank you for your feedback!