Setup Elevated Access

Elevated Access is Evo's way of allowing a privileged Administrative user to sign in as a domain account by using their own personal credentials.

Example:

You are an MSP, and you have set up a client and their users with an On-Prem Directory.

To carry out administrative work on the endpoints your client uses, you have a super admin user called "SuperAdmin". This user has all of the permissions and access needed to make any change to the machine.

However, "SuperAdmin" has its own credentials, and your techs all share these credentials whenever they need to log in as "SuperAdmin". This is not safe or secure: sharing credentials is dangerous.

Enter Elevated Access. With Elevated Access, your techs will no longer need to share those credentials, and will be able to access "SuperAdmin" using their own personal credentials!

On the Evo Portal, you will add "SuperAdmin" as a "shared account". You can do this either by syncing that user directly from the directory (recommended in this scenario) or by adding the user manually. This is the user that is "shared" by your techs.

Once "SuperAdmin" has been added as a shared account, you can create an "Elevated Access Assignment Group", where you assign specific users access to that shared account. Your techs, Joe, Billy, and Susan, all share "SuperAdmin's" credentials, so you add Joe, Billy, and Susan to the Elevated Access Assignment Group that "SuperAdmin" is now a part of.

When creating an elevated group, you’ll have the opportunity to select whether the group should be associated with all tenants (customers) or with select tenants (customers).

Initial Configuration Needs

Before you can add a new elevated assignment group, the following configuration must be in place.

  1. Users have been added or synced from a directory and have the user type of Admin.
  2. User(s) must have an Elevated Access License. See: How do I manage my user licenses?
  3. User customer access permissions have been configured.
  4. Role-based permission groups have been created, including the permission Elevated Access > Can be an Elevated Admin.
  5. At least one domain account has been created.

If you have all that set, we’re ready to create the appropriate elevated assignment groups.

How to add an elevated group for all customers

Creating a new elevated assignment for All Tenants will apply to all current and future tenants. We recommend using this only if you have a common account across all tenants.

Note that to apply a domain account to all tenants, that account (username or email address) must be able to log in to all tenants.

  1. From the dashboard, click Access.
  2. Click Elevated Access.
  3. With the Elevated Access Management tab selected, click Create Assignment.
  4. Click All Customers.
  5. Enter a group name. Optionally, enter a description.
  6. Click Next Step.
  7. Check the row for each domain account to include in the access group.
  8. Click Next Step.
  9. Select any User Groups to assign, and click Next Step.
  10. Check the row for each user to be associated with the group.
  11. Click Complete Group Assignment.
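
The prerequisites under Initial Configuration Needs and the all-tenants login requirement can be checked before a group is created. The following is an added example, not Evo code and not an Evo API or export format: the field names, the tenant names, and the "User" type value are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Tech:
    name: str
    user_type: str          # prerequisite 1: must be "Admin"
    licensed: bool          # prerequisite 2: Elevated Access License
    customer_access: bool   # prerequisite 3: customer access permissions configured
    elevated_admin: bool    # prerequisite 4: "Can be an Elevated Admin" permission

@dataclass
class DomainAccount:
    name: str
    tenants: frozenset      # tenants where this account can log in

def preflight(scope, selected, all_tenants, accounts, techs):
    """Return findings for a proposed group; an empty list means ready."""
    target = set(all_tenants) if scope == "all" else set(selected)
    findings = []
    if not accounts:        # prerequisite 5: at least one domain account
        findings.append("no domain account in the group")
    for acct in accounts:
        # Stated on the page for All Customers; applied to selected tenants by assumption.
        missing = sorted(target - acct.tenants)
        if missing:
            findings.append(f"{acct.name}: cannot log in to {', '.join(missing)}")
    checks = [
        ("user type is not Admin", lambda t: t.user_type == "Admin"),
        ("no Elevated Access License", lambda t: t.licensed),
        ("customer access permissions not configured", lambda t: t.customer_access),
        ("missing 'Can be an Elevated Admin' permission", lambda t: t.elevated_admin),
    ]
    for tech in techs:
        for message, ok in checks:
            if not ok(tech):
                findings.append(f"{tech.name}: {message}")
    return findings

# Constructed sample data: tenant names and attribute values are made up.
TENANTS = ["tenant-a", "tenant-b", "tenant-c"]
SUPERADMIN = DomainAccount("SuperAdmin", frozenset({"tenant-a", "tenant-b"}))
TECHS = [
    Tech("Joe", "Admin", True, True, True),
    Tech("Billy", "Admin", False, True, True),
    Tech("Susan", "User", True, True, False),
]

if __name__ == "__main__":
    for scope, selected in (("all", []), ("select", ["tenant-a"])):
        print(scope, preflight(scope, selected, TENANTS, [SUPERADMIN], TECHS))
```

With this sample data, the All Customers scope is flagged because "SuperAdmin" cannot log in to one tenant, while limiting the group to a tenant where the account exists leaves only the per-user findings.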

How to add an elevated group for select customers

  1. From the dashboard, click Access.
  2. Click Elevated Access.
  3. With the Elevated Access Management tab selected, click Create Assignment.
  4. Click Select Customers.
  5. Check the row for each tenant the group is to be associated with.
  6. Click Next Step.
  7. Check the row for each user to be associated with the group.
  8. Click Complete Group Assignment.

How to edit an elevated group

The fields you can edit in an elevated access group depend on the type of group that was added.

  • All customers: Description, Domain Accounts, and Users.
  • Select customers: Description, Tenants, Domain Accounts, and Users.

  1. From the top navigation, click Professional Services.
  2. Click Privileged Access Management.
  3. Click Elevated Access.
  4. Click Elevated Access Management.
  5. With the Elevated Access Management tab selected, find the one you want to edit. Click the edit pencil at the end of the row.
  6. Make the edits you want.
  7. Click Complete Group Assignment.

How to disable elevated groups

  1. From the dashboard, click Access.
  2. Click Elevated Access.
  3. With the Elevated Access Management tab selected, find the ones you want to disable. Check the box at the beginning of each row.
  4. Click the actions menu located above the table.
  5. Click Disable.

How to enable elevated groups

  1. From the dashboard, click Access.
  2. Click Elevated Access.
  3. With the Elevated Access Management tab selected, find the ones you want to enable. Check the box at the beginning of each row.
  4. Click the actions menu located above the table.
  5. Click Enable.

How to delete elevated groups

Be careful when deleting elevated groups, as this action cannot be undone.

  1. From the dashboard, click Access.
  2. Click Elevated Access.
  3. With the Elevated Access Management tab selected, find the ones you want to delete. Check the box at the beginning of each row.
  4. Click the actions menu located above the table.
  5. Click Delete.

NOTE: Elevated Access also works with Evo Cloud! Take a look here if you are interested in learning more: What is Evo Cloud?
