This article has 297 words.

Roles in the organization

Within an organization, each user can have one of the following roles:

Role name Code designation Function
Global administrator ga All permissions within one directory
User admin user_admin Can do everything except edit/influence global admin
Campaign administrator campaign_admin Can create campaigns, automation and manage employees
Data administrator data_admin Can add employees
Auditor auditor Access on a read-only basis
Employee emp Access to training
Reactions API* reactions It is granted after clicking on a phishing link

What is the Reactions API role?

Regardless of the permissions you have, Koala will issue a coded “reactions” role to everyone when they click on a link for the duration of a session in the browser. For the user, this does not matter much, as it only allows you to record information like: person X tried to enter his password multiple times. If the Koala administrator gets a phishing email and clicks on the link, then this role will be issued, so that no one, after accessing the mailbox / intercepting communications outside the reach of the service, can use administrative access.

How to assign roles in the system?

Within a single directory, it is good to have one main account for the main administrator at the “ga” level, and each subsequent administrator should have as little privilege as possible. The auditor role is used when, during the handling of a RODO incident an external entity (e.g., the DPA) wants to assess how the tool is being used. This role can also be used for internal auditing.

Should the system administrator have a license?

There is no need, you can make a backup global administrator account, just in case. You can also make an additional account without logging in using M365 in auditor mode to implement external reporting using the provided API.