Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Portal User Roles

Get familiar with the various roles that you can apply to admin accounts, whether your personnel need full read-write access or limited permissions, such as Installer or Help Desk roles.

Table 1: Roles
Role Description
Super User Read/write access to entire organization. No restrictions.

  • Full access to all sites

  • Create new sites

  • Manage other administrators

  • Manage all device types and configuration settings
Org Admin

Write access to all components within the Juniper Mist portal and API, except administrative functions, such as:

  • Creating or managing other admin users

  • Modifying login and authentication settings

Note: The above permissions require the Super User role.

For all sites in the entire organization, the Org Admin can view and modify:

  • Organization-level configurations:

    • Audit logs

    • Inventory

    • Mobile SDK

    • Organization settings

    • Site configuration

    • Subscriptions

  • Access Assurance features (with subscription):

    • Auth policies and labels

    • Certificates

    • Client onboarding

    • Endpoints

    • Identity providers

  • WAN Assurance features (with subscription):

    • Applications and appliacation policies

    • Hub profiles

    • Networks and network topology

    • WAN Edge templates

  • Wired Assurance features (with subscription):

    • Campus fabric

    • Switch Templates

  • Wireless Assurance features (with subscription):

    • Device prolfes

    • Templates for RF and WLAN

    • Pre-shared keys

    • Labels
Network Admin

Permissions depend on the sites that this person is granted access to.

All Sites—Has the following permissions for all sites in the organization:

  • Modify all site-level features

  • Read access to your organization's audit logs and inventory

  • Manage all device types and configuration settings at the device level

  • View and update existing support tickets

  • Cannot claim or assign devices

  • Cannot configure organization-level features

Selected Sites or Site Groups—Has limited read/write access for the specified sites:

  • Manage all device types and configuration settings in the sites that the account can access

  • No access to audit logs and inventory

  • No access to support tickets

  • Cannot configure organization-level features

  • Cannot claim devices

Additional Optional Permissions

You also can grant read-only access to organization level templates by selecting "Allow read access to select org level configurations"

Note:

Note: If a user had a Network Admin account before the August 2025 release, certain changes were made to the user's account automatically:

  • If the user previously had All Sites access, the user's role was elevated to Org Admin.

  • If the user previously had access only to selected sites/groups, the Allow read access to select org level configurations check box was automatically selected for the user. Thus, the user has read-only access to organization level templates.
Observer

  • Read-only access to allowed sites

  • Read-only access to Inventory if granted access to All Sites; no access to other organization-level features
Installer

Limited access for the specified grace period

  • Do the initial installation for APs and switches: claim devices, assign/unassign devices, and place an AP on the floorplan

  • Use the API and the Juniper Mist AI app.

    Cannot access the portal

  • Cannot unclaim or remove a device from an organization
Helpdesk

  • Read-only access to allowed sites

  • Basic device management such as upgrading, rebooting, running tests, etc. (not modifying configurations)

  • Basic RF management such as running the RF Environment, making RF recordings, etc.

  • Manual PCAP

  • Read-only access to other site-level pages:

    • Monitor

    • Clients

    • Access Points

    • Location

    • Analytics

    • Switches

    • Mist Edge Devices

    • WAN Edge Devices

  • Read access to Inventory if granted access to All Sites; no read/write access to other organization-level pages
Switch Port Operator

Can view and manage switch port configurations that are allowed by a Super User
Super Observer

Can monitor all sites and can view organization pages
Reporting

Read-only access to analytics tools:

  • Engagement Analytics

  • Occupancy Analytics

  • Network Analytics

  • Premium Analytics (requires subscription)
Location

Read/write access to location-related features:

  • Live View (add/change floorplans, zones, APs, virtual beacons, and so on)

  • Engagement Analytics

  • Occupancy Analytics
Marketing

Read-only access to location-related features:

  • Live View (view floorplans)

  • Engagement Analytics

  • Occupancy Analytics
Mist Edge Admin

Similar to the Super Admin role, but with access only to the Mist Edges and Mist Tunnels for the sites that the admin can access.