Admin Controls Walkthrough: Managing Users, Roles, and Permissions
IT admins need to manage users, roles, and permissions so the right people have the right access. This walkthrough covers the main admin controls in DigitalMeet—from user provisioning to role assignment, SSO configuration, and security policies.
Why Admin Controls Matter
In any enterprise deployment, access management is the foundation of security and compliance. Misconfigured permissions lead to data exposure, unauthorized recordings, and audit failures. DigitalMeet provides a layered admin control system that lets IT teams manage user lifecycle, define granular roles, enforce identity policies, and audit access—all from a single console. Whether you have 50 users or 50,000, these controls scale with your organization.
Step 1: Access the Admin Console
Sign in with an administrator account at your organization's DigitalMeet URL. The admin console is accessible from the left sidebar under Administration. From here you manage organization settings, users, groups, roles, identity providers, and security policies.
Tip: Bookmark the admin console URL and restrict admin accounts to a small group. Use separate admin accounts from daily-use accounts to reduce the risk of accidental changes.
Step 2: User Provisioning
DigitalMeet supports multiple provisioning methods to match your organization's identity infrastructure.
Provisioning Method Comparison
| Method | Setup Effort | Automation | Best For | Deprovisioning |
|---|---|---|---|---|
| Manual (admin console) | Low | None | Small teams, pilot deployments | Manual disable/delete |
| SSO + SCIM | Medium | Full — create, update, deactivate synced from IdP | Enterprise with IdP (Okta, Azure AD, Google Workspace) | Automatic on IdP deactivation |
| Just-in-time (JIT) | Low | Partial — user created on first SSO login | Large orgs where pre-provisioning is impractical | Manual or via IdP sync |
| CSV bulk import | Low | Batch | Migrations, onboarding cohorts | Manual |
| API provisioning | High | Full — programmatic user management | Custom HR/ITSM integrations | Programmatic |
- Navigate to Admin Console > Users > Add Users.
- Choose your provisioning method.
- For manual provisioning, enter email, name, and role. For SSO/SCIM, configure your identity provider (see Step 4).
- Assign users to groups or teams as appropriate.
- Review and confirm the user list.
When employees leave or change roles, promptly disable or update their accounts. SCIM-connected organizations benefit from automatic deprovisioning when users are deactivated in the IdP—no manual cleanup required.
Step 3: Roles and Permissions
DigitalMeet uses a role-based access control (RBAC) model. Each user is assigned one or more roles that determine what they can see and do across the platform.
Role Permissions Matrix
| Capability | Admin | Host | Member | Guest |
|---|---|---|---|---|
| Access admin console | Yes | No | No | No |
| Manage users and roles | Yes | No | No | No |
| Configure org settings | Yes | No | No | No |
| Create meetings | Yes | Yes | No | No |
| Schedule recurring meetings | Yes | Yes | No | No |
| Start/stop recording | Yes | Yes | No | No |
| Join meetings | Yes | Yes | Yes | Invite only |
| View recordings | All | Own meetings | Permitted meetings | No |
| Download recordings | Yes | Configurable | Configurable | No |
| Share documents | Yes | Yes | Yes | Read only |
| View transcripts | All | Own meetings | Permitted meetings | No |
| Access analytics | Yes | Own metrics | No | No |
| Configure integrations | Yes | No | No | No |
| Set data residency | Yes | No | No | No |
| View audit logs | Yes | No | No | No |
- Navigate to Admin Console > Roles.
- Review the default roles (Admin, Host, Member, Guest) and their permissions.
- To customize, clone an existing role and modify specific permissions.
- Assign roles to individual users or to groups for bulk assignment.
- Apply the principle of least privilege: give users only the permissions they need for their function.
Important: Custom roles allow you to create specialized permission sets—for example, a "Compliance Auditor" role with read access to recordings and audit logs but no ability to create meetings or manage users.
Step 4: SSO and Identity Provider Configuration
Single sign-on centralizes authentication, improves security, and reduces password fatigue. DigitalMeet supports the major federation protocols and identity providers.
- Navigate to Admin Console > Security > Identity Providers.
- Click Add Identity Provider and select your protocol (SAML 2.0 or OpenID Connect).
- Enter your IdP metadata URL or upload the metadata XML (for SAML).
- Configure attribute mapping: email, display name, groups, and role.
- Enable Just-in-time provisioning if you want users created on first login.
- Test the SSO flow with a non-admin account before enforcing SSO for the organization.
- Once verified, optionally enforce SSO-only login (disable password authentication).
Supported identity providers include Okta, Azure Active Directory, Google Workspace, OneLogin, Ping Identity, and any SAML 2.0 or OIDC-compliant provider. For security best practices, see Enterprise Video Conferencing Security.
Step 5: Security and Usage Policies
Beyond roles and identity, DigitalMeet provides policy controls that govern how the platform is used across the organization.
- Recording policy — require, allow, or disable recording per meeting type
- Data retention policy — auto-delete recordings and transcripts after a defined period
- Data residency — restrict storage and processing to approved regions (see Data Residency Setup)
- Acceptable use — define terms of use displayed to users on login
- Session timeout — auto-logout after inactivity period
- IP allowlisting — restrict admin console access to approved networks
- Audit logging — all admin actions, user logins, and permission changes are logged with timestamps and actor identity
Review audit logs regularly. Export them to your SIEM using the syslog or OTLP integration described in Enterprise Observability.
Step 6: Verify and Audit Your Configuration
- Create a test user with each role and verify they can only access what their role permits.
- Test SSO login and verify attribute mapping (name, email, group, role).
- Attempt an action outside the test user's permissions and confirm it is blocked.
- Review the audit log to verify all test actions are recorded.
- Run the built-in access review report to identify users with excessive permissions.
Frequently Asked Questions
Can we use our own SSO provider?
Yes. DigitalMeet supports SAML 2.0 and OpenID Connect with any compliant identity provider, including Okta, Azure AD, Google Workspace, OneLogin, and Ping Identity.
How do we remove a user?
Disable or delete the user in the admin console. If SCIM is configured, deactivating the user in your IdP automatically deactivates them in DigitalMeet. Access is revoked immediately.
What roles are available?
Default roles include Admin, Host, Member, and Guest. You can create custom roles by cloning a default role and adjusting specific permissions to match your organization's needs.
Can roles be assigned per group?
Yes. Assign roles to groups for bulk management. Users inherit the permissions of all groups they belong to. Group-level role assignment simplifies onboarding and offboarding.
How does Just-in-time provisioning work?
When JIT is enabled, a user account is automatically created the first time someone logs in via SSO. The account inherits role and group assignments based on IdP attribute mapping.
Can we restrict admin access by IP?
Yes. Configure IP allowlisting under Security > Network to restrict admin console access to approved corporate networks or VPN ranges.
How are audit logs retained?
Audit logs are retained for one year by default. Export them to external storage or SIEM for longer retention. All admin actions, user logins, and permission changes are captured.
What happens if SSO is down?
DigitalMeet supports a break-glass admin account that can authenticate with a password even when SSO is enforced. Keep this account secured and its credentials stored in a vault.
For more on getting started with DigitalMeet, see Getting Started and Security and Privacy.