Learn about the differences for Kandji Team Members
New Team Members may be invited only via the Company's Kandji Account inside the Settings tab. Account owner - a variation of Admin role that cannot be modified/removed by other Admins, is created upon new instance sign up or may be transferred from another Admin. You can also see our Modify or Remove Team Members page for more information.
Full access to all functionality. The Account Owner is not able to be deleted by other team members.
When creating your Kandji account, the first team member will be given 24 hours to activate their account via email. If 24 hours pass before the account is created, attempting to reset the password will send a new email link.
Full access to all functionality. Accounts with this role can be deleted by other administrators.
Additional administrators will have 24 hours to activate their Kandji account via email. If 24 hours pass before the account is created, an existing admin must re-send the invitation.
Same permissions as Administrator accounts without access to Settings.
No access to Settings and has read-only access to Blueprints and Library Items. Helpdesk users can perform all device actions, including deleting a device.
Limited read-only access to the Kandji Web App.
|Configuration||Manage Blueprints||✅||✅||✅||Read Only||Read Only|
|Manage Library Items|
|Device Management||Enroll Devices||✅||✅||✅||✅||Read Only|
|Manage Enrollment Portal|
|Manage User Assignments|
|Edit Blueprint Assignment|
|Basic Device Actions||Send Blank Push||✅||✅||✅||✅||❌|
|Set Device Name|
|Renew MDM Profile|
|Unlock User Account|
|Sensitive Device Actions||Lock Device||✅||✅||✅||✅||❌|
|Set Auto Admin Password|
|Delete User Account|
|Access Device Secrets|
|Delete device record|
|Settings & Integrations||Company Settings||✅||✅||❌||❌||❌|
|Self Service Settings|
|Transfer Account Ownership|