Skip to main content
Protector Plus supports two identity types and two role tiers. Local accounts are used for bootstrap and break-glass; Enterprise SSO is the recommended production identity source.
Roles and Access management

Roles & Access management view. Local accounts and SSO identities are both bindable to applications.

Identity types

Roles

Adding a user

Add user access

The Add User Access dialog. Assign role, identity type, and bind to one or more applications.

1

Open Access Management → Add User Access

Available to Super Admin only.
2

Choose identity type

Local Account for break-glass; Enterprise SSO for normal production users.
3

Assign role and applications

Select role (Super Admin or App User) and tick the applications the user should access.
4

Save

The binding is active immediately.

Access matrix (TDD)

Dashboard role matrix (User Guide)

A simplified per-page matrix used by the dashboard:

Audit trail

Open Profile → Access Logs to view dashboard account activity (logins, profile changes, API-key generations). Export to CSV from the bottom of the page for offline retention.

Bootstrap recovery

The initial local Super Admin remains available even after SSO is bound, providing a break-glass entry point for recovery scenarios. Treat the local admin credential as sensitive — store it in your secrets vault.