ACP administrator

Cloudentity Authorization Control Plane (ACP) comes with flexible built-in administration capabilities both via UI and API set.

Administrator persona

The persona of a tenant administrator in ACP has full control over all workspaces that are part of the current or default tenant (in the single-tenant mode).

Administrator is usually an owner of the ACP product, a member of the security or infrastructure team responsible for the API enablement and the API access control. Also, an API product owner can be delegated to overlook the protection and exposure of APIs as a tenant administrator in ACP.

Technically, the administrator is a user connected to the system workspace.

Note

You can configure who can act as an administrator using ACP BYOID. By supporting various OAuth and OIDC flows, ACP can be integrated with all kinds of applications, including web, mobile, backend, IoT.

The tenant administrator can create and manage

  • Workspaces with corresponding authorization servers (including developer and system workspaces),
  • Sources of identity for each workspace,
  • Protected services and scopes,
  • Authorization policies,
  • Privacy and consent settings for the tenant,
  • Custom claims and mappings.

Administrator portal

ACP comes with the administrator portal, which allows administrators to control critical aspects of the API protection, authorization, and the API integration with client applications.

All features for administrators are available in the portal UI (https://acp-hostname/default/admin) and can be also accessed via admin APIs.

Further reading

See ACP administrator portal description for more details.