1. Knowledge Base
  2. SurePassID Authentication Server

What permissions does a Super Admin have that and Admin does not have in the SPAS system.

This article describes what are the differences between them.

In the SuperPassID Authentication Server (SPAS), there are 2 admin roles that can be used.


In a single tenant, an admin can be defined that has all the admin permissions within the single tenant in which the account resides.  This role allows the user using the account to do all the functions in the UI with the exception of changing the tenant expiry and the licensed number of users information. 

In a multi-tenant configuration, there is a super admin role that has full control of all functions available in the system as presented in the UI.  The Super Admin can modify all aspects of the tenants in the system including expiration, user license count, etc.

Keep in mind that the total number of active users allowed in the system is set by the site.lic license file, so while the Super Admin change change the max number of active users allowed in the tenants in the system, it cannot change the total maximum for the whole server.

If a system is changed from a single tenant license to a multi-tenant license, an existing admin user can be changed to a super admin if there is not already a super admin defined by running a SQL query to update a field in the DB or by directly editing the field in the DB to turn on the Super Admin function for that account.