Add or modify an admin

Last updated June 17th, 2026

Through the Knox Admin Portal, the super admin who created the tenant can invite sub-admins to the new console. You can create different roles to give sub-admins access to manage or view various sections of the console.

Permissions are handled differently between consoles. For example, if you give a sub-admin permission to manage users in the new console, that permission won’t be automatically carried over if you switch your tenant to the original console. Instead, you must configure different permissions to give the sub-admin access to manage users in the original console.

See Add and modify administrators to learn more about setting IT sub-admin permissions in the original console.

Add sub-admins

To add a sub-admin, you must first invite them through the Knox Admin Portal and give them access to Knox Manage. To learn more, see Manage admins and roles for Knox Services.

Create a role for Knox Manage

A role is a set of permissions assigned to admins. By default, the main account holder who signed up for the Knox account is granted the super admin role, which grants them full access to every feature in Knox Manage and all other Knox cloud services.

Only one super admin can exist for a Knox account.

When you invite a sub-admin to Knox Manage, you can choose to either:

  • Grant them the Viewer role, a pre-built role, which gives the sub-admin read-only access to the new console.
  • Create a new role with custom view and management permissions for each segment of the console.

To create a custom role for Knox Manage:

  1. Go to the Administrators & Roles page.
  2. Click the Roles tab, then click CREATE ROLE near the top-right corner.
  3. On the Create role page, select Knox Manage in the Service field.
  4. Give the role a unique name and optional description. Then assign permissions to the role:
Permission Values
Dashboard

Specify whether sub-admins can manage or view the dashboard.

Values

  • View only — Lets the sub-admin view the dashboard.
  • Manage dashboard — Lets the sub-admin manage the dashboard.
Users

Specify whether sub-admins can manage or view users.

Values

  • View only — Lets the sub-admin view users.
  • Manage users — Lets the sub-admin manage users. Select at least one of the following options.
    • Create and edit
    • Delete
Devices

Specify whether sub-admins can manage or view devices.

Values

  • View only — Lets the sub-admin view devices.
  • Manage devices — Lets the sub-admin manage devices. You can also specify whether the sub-admin can apply All device actions or Only specific device actions. See the following list of device actions:
    • Push profile
    • Lock/Unlock Device
    • Clear screen lock
    • Factory reset
    • Reboot device
    • Push notification
    • Exit kiosk
    • Unenroll & factory reset
    • Uninstall app
    • Delete app data
    • Delete unenrolled device
Group

Specify whether sub-admins can manage or view groups.

Values

  • View — Lets the sub-admin view groups.
    • All groups — The sub-admin can view all groups.
    • Only specific groups — The sub-admin can only view the groups you select.
  • Manage — Lets the sub-admin manage groups.
    • All groups — The sub-admin can manage all groups. Select at least one of the following actions.
      • Create and edit
      • Delete
    • Only specific groups — The sub-admin can only manage the groups you select. Select at least one of the following options.
      • Create and edit
      • Delete
Organization

Specify whether sub-admins can manage or view organizations.

Values

  • View — Lets the sub-admin view organizations.
    • All organizations — The sub-admin can view all organizations.
    • Only specific organizations — The sub-admin can only view the organizations you select.
  • Manage — Lets the sub-admin manage organizations.
    • All organizations — The sub-admin can manage all organizations. Select at least one of the following actions.
      • Create and edit
      • Delete
    • Only specific organizations — The sub-admin can only manage the organizations you select. Select at least one of the following options.
      • Create and edit
      • Delete
Application

Specify whether sub-admins can manage or view applications.
Content

Specify if sub-admins can manage or view content.
Profiles and policies

Specify whether sub-admins can manage or view profiles and policies.

Values

  • View — Lets the sub-admin view profiles and policies.
    • All organizations — The sub-admin can view all profiles and policies.
    • Only specific organizations — The sub-admin can only view the profiles and policies you select.
  • Manage — Lets the sub-admin manage profiles and policies.
    • All profiles and policies — The sub-admin can manage all profiles and policies. Select at least one of the following actions.
      • Create and edit
      • Delete
    • Only specific organizations — The sub-admin can only manage the profiles and policies you select. Select at least one of the following options.
      • Create and edit
      • Delete
Identity provider

Specify if sub-admins can view or manage identity providers.
Certificate

Specify if sub-admins can view or manage certificates.
API Integration

Specify if sub-admins can view or manage API clients.
Reports

Specify if sub-admins can view or manage reports.
Rules

Specify if sub-admins can view or manage rules.
Knox Manage logs

Specify what logs sub-admins can view.

Values

  • Activity logs
  • Device logs
  • Group action logs
License

Specify if sub-admins can view or manage licenses.
Administrators and Roles

Specify if sub-admins can manage other sub-admins and roles.

Values

  • Invite and manage administrators — Lets the sub-admin invite, deactivate, reactivate, and revoke sub-admin privileges from other Knox Manage admins. Note that a sub-admin with this permission can override the assigned roles of other admins. Use caution when assigning this role.
  • Manage roles — Lets the sub-admin create, edit, and delete roles. Note that a sub-admin with this permission can change their role to include other permissions that you may not have granted. Use caution when assigning this role.
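
The two cautions above lend themselves to a periodic least-privilege review of custom roles. The following is an added example, not Samsung code or a Knox Manage API: the role records are a constructed, hypothetical representation (transcribe roles from the console into this shape), and the choice of which device actions count as destructive is an assumption of this example. Permission and action names are taken from the table above.

```python
# Added example: role records are constructed; Knox Manage is not assumed to
# export roles in this shape. Permission names come from the table above.

# Permissions the page warns about: holders can change what admins may do.
ESCALATION = {
    "Manage roles": "can edit own role to add permissions not granted",
    "Invite and manage administrators": "can override roles assigned to other admins",
}
# Assumption of this example: actions that wipe or remove a device, app or data.
DESTRUCTIVE_ACTIONS = {"Factory reset", "Unenroll & factory reset", "Uninstall app",
                       "Delete app data", "Delete unenrolled device"}

def review_role(role):
    """Return a list of (severity, finding) tuples for one role record."""
    findings = []
    admin_perms = set(role.get("Administrators and Roles", []))
    for perm, why in ESCALATION.items():
        if perm in admin_perms:
            findings.append(("high", f"{perm}: {why}"))
    devices = role.get("Devices", {})
    if devices.get("mode") == "Manage devices":
        if devices.get("actions") == "All device actions":
            findings.append(("medium", "Devices: All device actions includes every destructive action"))
        else:
            risky = sorted(DESTRUCTIVE_ACTIONS & set(devices.get("actions", [])))
            if risky:
                findings.append(("medium", "Devices: destructive actions granted: " + ", ".join(risky)))
    return findings

def effectively_unrestricted(role):
    """A holder of 'Manage roles' can rewrite their own role, so treat it as unbounded."""
    return "Manage roles" in role.get("Administrators and Roles", [])

ROLES = [  # constructed sample roles
    {"name": "Helpdesk", "Devices": {"mode": "Manage devices",
        "actions": ["Lock/Unlock Device", "Clear screen lock", "Reboot device"]}},
    {"name": "Site lead", "Devices": {"mode": "Manage devices", "actions": "All device actions"},
     "Administrators and Roles": ["Manage roles"]},
    {"name": "Wipe desk", "Devices": {"mode": "Manage devices",
        "actions": ["Factory reset", "Push notification"]}},
]

if __name__ == "__main__":
    for r in ROLES:
        for sev, msg in review_role(r):
            print(f"{r['name']}: [{sev}] {msg}")
```

Roles flagged "high" warrant the same scrutiny as the super admin account, since their listed permissions are not an upper bound on what the holder can do.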
