OOTB Admin User best practice

nt6
Kilo Expert

‎12-30-2019 02:41 AM

Hi,

What would be best practice for OOTB admin user? I have read that it's recommended to disable or rename it after manage to login and create new users.

Also what about best practice for admin role user in general? for example we are now setting up SSO with Okta, should we create an admin account special for Okta or better just to use a generic one?

Thx

Labels:
0 Helpfuls
  • 2,788 Views
4 REPLIES 4

Monali Patil
Kilo Guru

‎12-30-2019 08:42 PM

Hi,

 

They(Admin role) would still need to understand how to use Update Sets properly though. I've seen some clients grant catalog_admin without training those individuals and their instances get messy. When done correctly, these "sub" admin roles work great!

I have seen a few gaps and "missing" capabilities for those admins that one might expect to exist, so be prepared to modify your Access Controls a bit as you start to use these sub-admin admin roles.

In terms of segregating by application, some of the more recent apps like PPM and Release include an "admin" role, but they do not segregate "full" admin type of privileges to those apps. They basically add full-time write and delete to tasks in those spaces. You'll need to build some pretty extensive Access Controls to segregate "full" customization/configuration type of admin role by application as you have described.

It may make sense in development environments to grant the admin role extensively. But in production, a better approach is to grant administrative users one or more special administrative roles that are specific to the functions they perform. For example, the catalog_admin role grants privileges needed to manage the Service Catalog application, the report_admin role allows users to manage reports, and so forth.

 

If my answer helps you please mark as correct/helpful.

 

Regards,

Monali Patil

Developer

Onkar Pandav
Tera Guru

‎01-03-2020 02:02 AM

Sharing one link that may useful.

Link: Click Here

--

Thanks & Regards

Onkar

find_real_file.png

Preview file
5 KB

nt6
Kilo Expert

‎01-14-2020 07:25 AM

Thanks @Onkar Pandav & @Monali Patil for your replies.

Although what I mean by admin user is the OOTB platform admin (System Administrator), not application admin (catalog_admin etc.). As said we're setting up SSO and pushing users information from Okta and currently use that user, which I honestly dislike .. I would like to know the cons of creating a separate admin user for each integration e.g Okta with admin role.

Is there a license specific to user with admin role?

 

0 Helpfuls

Alberto Consonn
ServiceNow Employee
ServiceNow Employee
In response to nt6

‎01-14-2020 07:32 AM

Hi nt,

this very-well done blog written by Jim will explain you everything about Admin users (pro / cons):

https://community.servicenow.com/community?id=community_blog&sys_id=68dd26e9dbd0dbc01dcaf3231f9619d0

Hope this can clarify your idea.

If I have answered your question, please mark my response as correct and/or helpful.

Thank you very much

Cheers
Alberto