Unified login new and changed roles
Welcome note
Unified login is in the process of being applied to all users throughout September 2025.
Access the pre-existing documentation here: Administration.
The unification of administration introduces new roles and modifies existing ones. This consolidation reduces complexity and clarifies permissions—ultimately reducing the number of role assignments you need to manage.
Automatic access for supervisors
If you're already a supervisor, you'll automatically receive the appropriate admin role—no action required:
- Cloud organization supervisors receive the Cloud Organization Admin role.
- Workspace supervisors receive the Workspace Admin role for Engagement.
- New organizations or workspaces appear in your account hierarchy within 10 minutes (usually faster).
Need Data hub access?
Workspace supervisors can grant themselves the Workspace Admin role for Data hub as described in Unified user management.
Changed roles
These roles have new names, updated permissions, or both:
| Old role names | New role name | Application |
|---|---|---|
| Account admin | Workspace Admin | Engagement |
| Account IAM Admin | Workspace IAM Admin | Engagement |
| SSO Account Admin | SSO Admin (Cloud Organization scope) | Administration |
| Discovery IAM Admin | Cloud Organization Admin (for Discovery user management) | Discovery |
| Users Admin | Discovery API Key Manager | Discovery |
Why these changes help
- Consistent SSO management: SSO configuration now happens at Cloud Organization level across all workspaces.
- Clearer Discovery management: One role handles all Discovery user administration.
New roles
| Role name | Application | What you can do |
|---|---|---|
| Cloud Organization Admin | Administration | Manage and list cloud organizations. Manage custom roles. |
| Event Streams Admin | Data hub | View, create, edit, and delete Event streams and components (can't see event data). |
| Event Streams Viewer | Data hub | View Event streams and components (can't see event data). |
| Imports Admin | Data hub | View, edit, and delete workspace-level imports. |
| Imports Viewer | Data hub | View workspace-level imports. |
| Item Collections Admin | Data hub | View, create, edit, and delete Item collections and components. |
| Item Collections Viewer | Data hub | View Item collections and components. |
| Integrations Admin | Data hub | View, edit, and delete integrations at workspace level; create approved integration types. |
| Workspace IAM Admin | Data hub | Manage users at workspace level for Data hub resources. |
| Workspace Admin | Data hub | Manage workspaces, event streams, imports, item collections, and integrations. |
| Workspace IAM Admin | Engagement | Manage users at workspace level for Engagement resources. |
| Workspace Discovery IAM Admin | Administration | Manage users in connected Discovery organization for Discovery resources. |
| Workspace IAM Admin | Administration | Manage users across workspace and all resources (combines Workspace CDE IAM Admin, Workspace DIS IAM Admin, and Workspace ENG IAM Admin). |
| Discovery API Key admin | Administration | Manage Discovery API keys. |
Key roles to know
- Workspace Admin (Data hub): Primary administrative role combining all Data hub capabilities.
- Cloud Organization Admin: Essential for managing the entire Bloomreach relationship.
- Workspace IAM Admin (Administration): Most powerful user management role across all products.
Quick reference: Choosing the right role
- "I need someone to manage all Data hub administration" → Workspace Admin (Data hub)
- "I need someone to manage users across all products in a region" → Workspace IAM Admin (Administration)
- "I need someone to configure SSO for the entire organization" → SSO Admin (Administration - Cloud Organization scope)
- "I need someone to set up and manage custom roles" → Cloud Organization Admin (Administration - Cloud Organization scope)
- "I need someone to manage only Engagement users" → Workspace IAM Admin (Engagement)
- "I need someone to view data structure but not modify it" → Event Streams Viewer (Data hub)
- "I need someone to manage API keys for Discovery" → Discovery API Key admin (Administration)
Updated 7 days ago