Overview

This feature supports multi-domain operations for users in an instance in Avo Assure and and restricts cross-domain component visibility and access. 

Key Components in Vertical Management: 

  1. Security Groups:  Users are segregated into security groups, which act as the primary unit for access control. It helps manage user access and permissions across projects, modules, and folders.

  2. Vertical Segregation:  Each security group is tied to only one vertical (domain).  Security groups cannot overlap across verticals, ensuring complete separation between domains. 

  3. User Roles & Permissions:  Users within security groups are assigned roles such as: 

  • Admin 

  • Quality Manager 

  • Quality Lead 

  • Quality Engineer 

Each role has clearly defined access privileges, tailored to their responsibilities. 

Key Entities - Functionality and Usage: 

 Projects

  • Acts as the main container for all automation-related features

  • Contains test cases, configurations, reports, and linked resources 

  • Ensures access to a project is tightly controlled via RBAC policies

Users 

  • Are placed in Security Groups, each of which is mapped to a single vertical (domain) with no cross-vertical overlap allowed

  • Users are assigned specific roles within the group: 

Role 
Description 

Admin 

Full access including user, agent, and project management 

Quality Manager 

Manages project-level activities and reporting 

Quality Lead 

Oversees execution and quality checkpoints 

Quality Engineer 

Executes test cases, limited configuration rights 

Agents 

  • Are execution units assigned to individual users

  • Support parallel and distributed execution of test cases

  • Are controlled per user, aligned with their access and vertical assignment

Understanding the Hierarchical Levels in Avo Assure :

Avo Assure follows a 3-tier to effectively manage automation assets like Users, Projects, and Agents. These tiers provide granular control over access and configurations, ensuring scalability, security, and flexibility across organizations. 

Account Level Admin – The Super Admin 

  1. Top-most authority in the Avo Assure hierarchy. 

  2. Has full visibility and control over all Verticals, Projects, Users, and Agents. 

  3. Can create and manage Verticals — which are logical groupings representing departments, business units, or teams. 

  4. Responsible for SSO integration:  a. Maps SSO Organizational Units (OU) with Verticals.  b. Links SSO Security Groups to specific Avo Assure roles. 

Key capabilities: 

  1. View and manage all Verticals. 

  2. Create new Verticals. 

  3. Edit existing ones. 

  4. Delegate control to Vertical-level admins. 

2. Vertical Level Admin – Departmental/Unit Admin 

  1. Manages a specific Vertical (a subset of the entire account). 

  2. Can access and control Projects, Users, and Agents only within their own Vertical. 

  3. Lacks access to view or manage resources outside their assigned Vertical. 

  4. Users, Projects, and Agents created within a Vertical are shared across all projects of that Vertical. 

  5. Also participates in SSO setup at the vertical level: 

  6. Associates the Vertical with a specific SSO OU. 

  7. Maps Avo Assure roles to SSO Security Groups within the Vertical.  

Key capabilities: 

  1. View and manage their assigned Vertical. 

  2. Edit existing Vertical settings. 

  3. Assign users and agents to projects within the Vertical.

Project Level Admin – Project-Specific Manager 

  1. Manages one or more individual Projects within a Vertical. 

  2. Only has access to Users and Agents that are specifically associated with the Project. 

  3. Can control access for: 

  4. AD Users (based on their group and mapped role). 

  5. Non-AD Users (added manually by the admin). 

  6. Cannot manage or modify the Vertical itself. 

  7. Cannot assign users across Verticals. 

  8. It has a limited scope but is sufficient for day-to-day project-level activities. 

Key Concept Summary 

Level 
Scope of Access 
Can Manage Verticals? 
Can Manage SSO Mapping? 
Resources Accessible 

Account Level Admin

Entire platform – all Verticals, Projects, Users, and Agents 

Yes 

Yes 

All Verticals, Projects, Users, Agents 

Vertical Level Admin

Single Vertical only – projects and assets within 

No (only view/edit own) 

Yes (own vertical only) 

Projects, Users, Agents within the Vertical 

Project Level

One or more specific Projects 

No 

No 

Only Users and Agents added to the Project

PreviousVertical ManagementNextUnderstanding Avo Assure Roles

Last updated

Was this helpful?