Rule 1: You can control other users, if you are Administrator level.

Rule 2: You can modify other users, if you have access to the same account as them.

Rule 3: You can delete other users, if you have access to the same account as them.

Rule 4: You can modify your own access, but changing your access level, means you cannot change it back to Administrator! Only Admins can make user changes (Rule 1).

Rule 5: You cannot delete your own access.

The general rules still apply, but there's more to be considered when SAML SSO is enabled. There are two areas where SAML SSO connections take place:

A Store Manager with SAML SSO enabled can login via SAML SSO and see a list of their SAML connected stores.

If a new Appointedd store has been created without a SAML connection, the Store Manager will not have visibility of the store.

A Store Manager with SAML SSO enabled can login via SAML SSO and see a list of their SAML connected stores.

If a new Appointedd store has been created without a SAML connection, the Store Manager will not have visibility of the store, unless they switch to login via email and password.

Fix 1: make sure the new store has SAML connected

Fix 2: disable access via email and password to all users in the SAML configuration. This can only be controlled by the Super User.

To summarise, all Admins, whether SAML enabled or not, can view the list of users in the Console, and add new users.

They can only amend and delete users that have the same setup as them.

Non-SAML Admins cannot:

They will receive an error message when attempting to action such a change.