Summary
Add admins to a portal, and manage admin access to portal settings.
Sub-portals, and permissions based on user types, are available to all customers.
The LearnUpon API is available depending on your LearnUpon plan.
Background
- Add users to your portal to learn basics of creating users manually
- User types and permissions: administrators for all permissions available to admins
- Create and manage sub-portals about sub-portals
Admin user types: overview
For organizations with a single portal, all admins are effectively top-level admins.
The distinction between top-level admins and sub-portal admins is important for organizations that use multiple portals.
Only top-level admins can submit requests for support from LearnUpon. Sub-portal admins do not have access to the support team: they need to contact their top-level admin to submit a ticket.
See Find help: access the Support desk.
Top-level portal administrators
By default, a top-level admin has access to all of a portal’s contents and settings, and full permissions to any sub-portals linked to the top-level portal.
A top-level portal admin with full permissions can create any type of admin including:
- more admins with the same full permissions
- admins with limited access to portal settings
- sub-portal admins with full permissions within their portal
- sub-portal admins with limited access to portal settings
Since top-level admins can access every portal by default:
- you can't add their account to another portal - admins already have access
- you can't change their user type in a sub-portal, from admin to manager or learner
Top-level portal admin user types are fixed across all portals in a realm.
Sub-portal admins, unlike top-level portal admins, can hold other user types in other portals within a realm.
For example: an account can hold learner permissions in 1 portal, a manager or instructor in a sub-portal, a sub-portal admin in a different sub-portal.
The following screenshot shows the default setting for a top-level admin user type, with Can access portal settings turned on.
Top-level administrator presence in sub-portals
LearnUpon does not list top-level admins in the Users menu in sub-portals. You can't add them to groups or enroll them through group settings.
Through your Customer Success Manager or the Support team, you can request a settings change, to allow limited access to top-level admin accounts in a sub-portal.
This change doesn't display admins through Users. It lets you enroll top-level admins as individuals onto courses on the sub-portal, typically for testing purposes.
Changing the setting lets you:
- enroll top-level admins to courses in a sub-portal, as individual learners
- assign top-level admins as instructors or course owners in a sub-portal
Top-level admins remain low profile in sub-portals, even with this setting changed:
- top-level admins do not appear in the list of Users in the sub-portal
- you, as an admin of any type, can't add top-level admins to sub-portal groups
Sub-portal administrators
For sub-portals, you create admins within the sub-portal in question.
Unlike top-level portal admins, sub-portal admins' user types can vary across portals.
Can access portal settings: in detail
The limited access to portal settings is not a separate user type. It’s an option on an existing admin user type.
With limited portal settings, an admin can’t access portal-wide features and settings. In their main navigation menu, Settings is unavailable.
Admins with limited portal settings can access users, groups, courses and content. This limited access reduces the chances of someone making accidental changes to a whole portal.
The way a top-level admin creates new admin accounts determines the accounts' permissions. When a top-level admin:
- creates new admin accounts manually, one by one - new accounts have full permissions on the portal by default
- invites new users as admins, or creates admins through API - the new accounts have no access to portal settings. The Can access portal settings option is turned off by default
Changing an admin’s permissions to allow portal access is a manual step. You can’t make this change through batch user import or API tools.
Admin permissions are the same in all portals in the realm. For example:
- a top-level admin with full permissions creates a sub-portal admin with limited permissions. The limited permissions apply to all portals in the realm
- if the sub-portal admin has their permissions changed to allow full permissions, the full permissions apply to all sub-portals in the realm
By default, any admin can create accounts with the same permissions, or fewer permissions than their own. Admins can’t add more permissions to themselves.
Similarly, sub-portal admins can’t change top-level admin permissions.
Some examples:
- an admin with limited portal settings creates another admin account. The new account has the same limited portal settings. The original admin has no option to change the new account to full permissions
- a sub-portal admin creates another admin account. The new account is a sub-portal admin account with the same, or fewer, permissions as the first sub-portal admin
- a top-level admin switches to a sub-portal and creates an admin account. This account is a sub-portal account, and defaults to full permissions within the sub-portal
- any admin can change an existing account to an admin account. The second account has the same permissions, or fewer permissions than the first
For portals with only 1 top-level admin, LearnUpon prevents that admin from changing their own permissions. Sole admins can’t accidentally lock themselves out of the portal. If an admin tries this step, they get an error message, that reads: Permission can’t be disabled on last admin account.
The following screenshot shows the error message.
Admin access to API keys: in detail
Changing an admin's options does not prompt LearnUpon to change API keys automatically.
If a top-level admin changes an existing admin’s account to limit their access to portal settings, the limited admin account can use any API keys they recorded while they held full permissions.
If the limited-access admin kept a copy of the keys - for example, in a password manager - the keys remain valid.
If required, you can generate new keys. Changing API keys is a technical decision that requires planning to avoid breaking integrations and losing your connections between systems.
Warning: A portal can only have one active set of API keys at a time. Generating a new set of keys invalidates any existing keys. Be sure to consider any existing integrations you have built prior to generating new keys.
Change an existing user's type to admin
- From main navigation go to Users > user name.
- From the user's Info, select Settings.
- In Type of user, select Admin.
- If required, change Can access portal settings to set the correct access for the new admin.
- Save to finish.
See: