How to grant access to only create/view/update OAuth clients in Identity Cloud, but no other access


We have a use case to give access to other teams to be able to register an OAuth client, which can be done through Dynamic client registration; however, the teams also should be able to view/update their clients. How could we accomplish this without giving admin privileges in Identity Cloud?


Hello Sireesha,

I apologize for the delayed response. After reviewing your query, your scenario appears well-suited for the concept of delegated administration. This approach would enable you to offer other teams the ability to register OAuth clients while also providing them access to view and update their respective clients—all without requiring full admin privileges.

The following article is a practical step-by-step guide to implementing this approach effectively. I hope you find this information helpful in establishing the delegated administration model within your Identity Cloud environment.



Hi Sireesha,

I hope this message finds you well. After conducting further discussions and assessments with our internal teams, I’d like to clarify the solution previously suggested in response to your query. It seems that the proposed solution involving our Distributed Administration feature might not precisely match your specific requirements. This feature primarily focuses on user management and does not extend its capabilities to cover configurations.

However, I wanted to inform you that an existing Request for Enhancement (RFE) has been raised for this feature: IAM-3994 (Provide RBAC/Delegated Admin Access to the Admin Console).
You can access the complete details and add your organization’s name by submitting a support ticket. Our support team will be more than happy to assist you with this process. I’ve included a link below to help guide you through the quickest way to raise a Support ticket for Identity Cloud: Best practice for raising an Identity Cloud ticket with ForgeRock Support

I hope you find this helpful.

Thank you,