Identity Provider Permissions
Permissions on identity providers can be controlled at two levels—system-wide and on a provider-by-provider basis. When designing an identity provider permission scheme, you may use entirely system-wide permissions or you may use a combination of system-wide permissions and provider-level permissions. Both system-wide and provider-level permissions are configured through Security Roles (see Security Role Operations).
System-wide identity provider permissions are controlled using the Identity Provider role permission. These permissions control which users can view and manage any identity providers that you will use in your Keyfactor Command implementation.
Figure 395: Global Identity Provider Permissions
Identity provider-level permissions are controlled with the optional provider-by-provider permissions on the Identity Providers tab of the Security Role Information dialog. The permissions set on the Identity Providers tab allow a user to access only the referenced identity provider when selected.
Any identity providers that do not have provider-level permissions applied fall back to the system-wide permissions, if any system-wide permissions have been set for that security role.
Figure 396: Identity Provider Permissions
Identity provider permissions can be granted system-wide or on a provider-by-provider basis. Both options share the same permission options (see Identity Providers).
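The fallback rule above can be modeled offline to review a permission scheme before configuring it. The following is an added example, not Keyfactor Command code or its API: the role structure, the permission names read and modify, and the provider names are all constructed. It assumes a provider-level entry takes precedence for its own provider, and it does not model how multiple roles combine for one user.

```python
"""Model of the provider-level / system-wide fallback rule (constructed example)."""
from dataclasses import dataclass, field

# Hypothetical permission names; the page does not list the actual options.
READ, MODIFY = "read", "modify"

@dataclass
class SecurityRole:
    name: str
    system_wide: frozenset = frozenset()  # the Identity Provider role permission
    per_provider: dict = field(default_factory=dict)  # Identity Providers tab entries

def effective_permissions(role, provider):
    """Assumed precedence: provider-level entry first, else system-wide fallback."""
    if provider in role.per_provider:
        return frozenset(role.per_provider[provider]), "provider-level"
    if role.system_wide:
        return frozenset(role.system_wide), "system-wide fallback"
    return frozenset(), "none"

def audit(roles, providers):
    """Return every (role, provider, permissions, source) row plus review findings."""
    rows, findings = [], []
    for role in roles:
        for provider in providers:
            perms, source = effective_permissions(role, provider)
            rows.append((role.name, provider, sorted(perms), source))
            # A role that looks scoped to specific providers but still reaches
            # others through the fallback is broader than its tab entries suggest.
            if role.per_provider and source == "system-wide fallback":
                findings.append((role.name, provider, sorted(perms)))
    return rows, findings

# Constructed sample data.
PROVIDERS = ["corp-oidc", "partner-oidc", "lab-oidc"]
ROLES = [
    SecurityRole("IdP Admins", system_wide=frozenset({READ, MODIFY})),
    SecurityRole("Partner Ops", per_provider={"partner-oidc": {READ, MODIFY}}),
    SecurityRole("Helpdesk", system_wide=frozenset({READ}),
                 per_provider={"corp-oidc": {READ, MODIFY}}),
]

if __name__ == "__main__":
    rows, findings = audit(ROLES, PROVIDERS)
    for row in rows:
        print(row)
    print("needs review:", findings)
```

In the sample data, the Helpdesk role is flagged because its system-wide grant still reaches the two providers that have no provider-level entry.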