Quasr
  • Introduction
    • Welcome to Quasr
    • Concepts
      • Flexible Authentication
      • User-Centric Privacy
      • Modern Development
    • Terminology
    • FAQs
  • Getting Started
    • Sign up with Quasr
    • Setup your tenant
      • Factor Configuration
      • Enrolling additional factors
      • Test with the Sample Client
      • Understanding Scopes & Scores
      • Setting up an API Client (M2M)
    • Connect your app
      • Hosted Login UI
      • Custom Login UI
      • Embedded Login UI
  • Account Administration
    • Introduction
    • Account & Billing
      • Metrics
    • Tenants
    • Usage & Statistics
    • Security
  • Tenant Administration
    • Introduction
    • Dashboard
    • Tenant Settings
    • Your Security
    • Accounts
      • Tenant Admins
    • Factors
      • Factors and Scoring
      • Username (ID)
      • Federation (OAuth2 / OIDC)
        • Apple
        • Facebook
        • GitHub
        • Google
        • LinkedIn
        • Slack
      • Time-based One-time Password (TOTP)
      • One-Time Password (OTP)
      • Password
      • Secret
    • Controls
      • Configuration
      • Permissions
      • Consents
      • Rules
    • Attributes
      • Capturing Claims
      • Sourcing Claims
      • Viewing Claims
      • Searching Claims / Users
      • Sharing Claims
    • Extensions
      • Synchronous
      • Asynchronous
    • Tokens
      • Session Token (OAuth 2.0)
      • Access Token (OAuth 2.0)
      • Refresh Token (OAuth 2.0)
      • ID Token (OIDC 1.0)
      • Consent Token
      • Authorization Code (OAuth 2.0)
    • Hosted Login Page
    • APIs
      • Authentication API
      • Management API (GraphQL)
  • Legal
    • Terms of Service
    • Acceptable Use Policy
    • DPA & Subprocessors
  • More Info
    • Standards
    • Security
      • Vulnerability Disclosure
      • Wall of Recognition
    • Support
    • Status
Powered by GitBook
On this page
  • Onboarding New Admins
  • Internal vs External
  1. Tenant Administration
  2. Accounts

Tenant Admins

PreviousAccountsNextFactors

Last updated 1 year ago

Accounts with the Admin Access permission are tenant administrators. You can see this on your own account under Accounts > Users > Permissions. This grant the account permission to obtain the https://api.quasr.io/scopes/admin scope.

Onboarding New Admins

You can create new accounts with admin permissions. Upon creation you'll get an invite token which you can send to your intended admins. They can use this invite token on your Hosted Login UI to start the signup process.

Your Admin UI URL is https://admin.quasr.io/{{TENANT_ID}}/{{CLIENT_ID}} where the Client ID is the ID of the Admin UI which you can find under Accounts > Clients. You can also find the URL in your browser in the Admin UI as well as under Tenant Setting.

Please be mindful that with Quasr all users live in their tenant, meaning that your admins need an account in your tenant - and not in the Quasr root tenant. So if they sign up with Quasr the account ID shown in the Account UI is not relevant as it lives in the root tenant. You can of course choose to allow Login with Quasr, and this will allow them to sign up in your tenant using their Quasr account.

Internal vs External

An important detail is the External flag on each account. This flag indicates whether the account is not part of your organization, and needs to be considered as an external customer. Hence for tenant admins this should in most case be set to false (i.e. unchecked).

The effect of the flag is that for internal (i.e. not external) accounts legals won't need to be accepted explicitly. As these accounts are part of your organization they will accept these as part of their work arrangement. Furthermore internal accounts can signup using non-public factors.

Notice the Admin Access permission on a tenant admin account.
Signup using an invite token on the Hosted Login UI.
External flag on account