Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide

Table of Contents

Basics for mapping company structures in One Identity Manager

Hierarchical role structure basic principles

Inheritance directions within a hierarchy Discontinuing inheritance

Basic principles for assigning company resources

Direct company resource assignments Indirect company resource assignments

Secondary assignment of company resources Primary assignment of company resources

Assigning company resources through dynamic roles Assigning company resources through IT Shop requests

Basics of calculating inheritance

Calculating inheritance by hierarchical roles Calculation of assignments

Preparing hierarchical roles for company resource assignments

Possible assignments of company resources through roles Permitting assignments of identities, devices, workdesks, and company resources to roles Blocking inheritance using roles Preventing identities, devices, or workdesks from inheriting individual roles Preventing inheritance to individual identities, devices, or workdesks Inheritance exclusion: Specifying conflicting roles

Creating and editing dynamic roles Tips about conditions for dynamic roles Testing dynamic role conditions Calculating role memberships for dynamic roles

Schedules for calculating dynamic roles

Creating and editing dynamic role schedules Starting dynamic role schedules immediately Assigning dynamic roles to schedules

Calculating dynamic roles immediately if objects change Calculating role memberships for dynamic roles immediately Editing properties for immediate recalculation Excluding dynamic roles from recalculation

Excluding identities from dynamic roles

Removing identities from the exclusion list Main data of exclude lists for dynamic roles

Displaying the dynamic role overview Main data for dynamic roles

Departments, cost centers, and locations

One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations

Role classes for departments, cost centers, and locations

Assigning role types to role classes for departments, cost centers, and locations

Role types for departments, cost centers, and locations

Creating role types for departments, cost centers, and locations Assigning role classes to role types for departments, cost centers, and locations

Functional areas for departments, cost centers, and locations Attestors for departments, cost centers, and locations Approvers and approvers (IT) for departments, cost centers, and locations

Creating and editing departments

General main data for departments Contact data for departments Functional area and risk assessment for departments

Creating and editing cost centers

General main data for cost centers Functional area and risk assessment for cost centers

Creating and editing locations

General main data for locations Location address information Configuring location networks Directions to location Functional area and risk assessment for locations

Setting up IT operating data for departments, cost centers, and locations

Modify IT operating data

Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations

Identity administration

One Identity Manager users for managing identities Basics for managing identities

Main identities and subidentities Identity's central user account Identity's default email address Identity's central password

Creating and editing identities

General main data of identities Organizational main data of identities Address data for identities Miscellaneous main data of identities

Assigning company resources to identities

Assigning identities to departments, cost centers, and locations Assigning identities to business roles Adding identities to IT Shop custom nodes Assigning application roles to identities Assigning resources directly to identities Assigning system roles directly to identities Assigning subscribable reports directly to identities Assigning software directly to identities

Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities

Temporarily deactivating identities Permanently deactivating identities Reactivate permanently deactivated identities Deferred deletion of identities

Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities

Creating and editing business partners for external identities Mail templates for notifications about identities

Creating and editing mail definitions for identities Base objects for mail templates about identities Editing mail templates for identities

Password policies for identities

Predefined password policies Applying identity password policies Changing the password policy for password columns Assigning password policies to departments, cost centers, locations, and business roles Editing password policies for identities Creating password policies for identities General main data for password policies Password policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Defining the excluded list for passwords Checking identity passwords Generating passwords for testing identities Informing identities about expiring passwords Displaying locked identities and system users

Managing devices and workdesks

Basic data for device admin

Creating and editing device models

General main data for device models Inventory data for device models

Creating and editing business partners Creating and editing device statuses Creating and editing workdesk statuses Creating and editing workdesk types

Creating and editing devices

General main data for devices Device networking data

Assigning company resources to devices

Assigning devices to departments, cost centers, and locations Assigning devices to business roles

Entering service agreements and tickets for devices Displaying the device overview Creating and editing workdesks

General main data of workdesks Location information for workdesks Additional information for workdesks

Assigning company resources to workdesks

Assigning workdesks to departments, cost centers, and locations Assigning workdesks to business roles Assigning system roles directly to workdesks Assigning software directly to workdesks

Displaying the workdesk overview Assigning devices to workdesks Assigning workdesks to identities Entering tickets for workdesks Asset data for devices

Creating and editing asset classes for devices Creating and editing asset types for devices Entering investments and investment plans for devices Editing device asset data

Main data for devices' asset data Commercial data for devices

Managing resources

One Identity Manager users for managing resources Basic data for resources

Creating and editing resources Main data for resources Assigning resources to identities

Assigning resources to departments, cost centers, and locations Assigning resources to business roles Assigning resources directly to identities Adding resources to the IT Shop Adding resources in system roles

Displaying the resources overview Assigning extended properties to resources Creating and editing multi-request resources

Main data for multi-request resources

Assigning multi-request resources to identities Adding multi-request resources to the IT Shop Displaying the multi-request resource overview Reports about resources

Setting up extended properties

One Identity Manager users for managing extended properties Creating property groups for extended properties Creating and editing extended properties Main data for extended properties Assigning extended properties to property groups Assigning additional property groups to extended properties Specifying scope limits for extended properties Assigning objects to extended properties Displaying the extended properties overview

Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Predefined password policies

You can customize predefined password policies to meet your own requirements if necessary.

Password for logging in to One Identity Manager

The One Identity Manager password policy is applied for logging in to One Identity Manager. This password policy defines the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).

NOTE: The One Identity Manager password policy is marked as the default policy. This password policy is applied if no other password policy can be found for identities, user accounts, or system users.

Password policy for forming identities' central passwords

An identity's central password is formed from the target system specific user accounts by respective configuration. The Identity central password policy defines the settings for the (Person.CentralPassword) central password. Members of the Identity Management | Identities | Administrators application role can adjust this password policy.

IMPORTANT: Ensure that the Identity central password policy does not violate the target system-specific requirements for passwords.

Password policies for user accounts

Predefined password policies are provided, which you can apply to the user account password columns of the user accounts. You can define password policies for user accounts for various base objects, for example, for account definitions, manage levels, or target systems.

For more information about password policies for user accounts, see the administration guides of the target systems.

Related topics

Identity's central password

Applying identity password policies

The One Identity Manager password policy and Identity central password policy are predefined password policies for identities' central passwords.

You can assign custom password policies to identities' password columns. You can also assign the password policies to departments, cost centers, locations, or business roles, and therefore apply password policies depending on the identities' organizational classification.

Which password policy is applied to an identity is determined in the following order:

Password policy of the identity's primary business role
Password policy of the identity's primary department
Password policy of the identity's primary location
Password policy of the identity's primary cost center
General password policy for identities' passwords
The One Identity Manager password policy (default policy)

Related topics

Changing the password policy for password columns

If you do not want to apply the predefined password policy to the password column of identities, change the password policy assignment to the base object in the Manager.

To change a password policy's assignment

In the Manager, select the Identities > Basic configuration data > Password policies category.
Select the password policy in the result list.
Select the Assign objects task.
In the Assignments pane, select the assignment you want to change.
From the Password Policies menu, select the new password policy you want to apply.
Save the changes.

Assigning password policies to departments, cost centers, locations, and business roles

You can assign the password policies for forming an identity's system user password, the passcode, and an identity's central password to departments, cost centers, locations, and business roles.

NOTE: If you want to use the assignment of a password policy through company structures, you need to decide whether to use either departments, cost centers, locations, or business roles. Otherwise, performance problems may occur when determining the valid password policy. A large number of hierarchy levels could also lead to performance problems when determining the password policy to apply.

To reassign a password policy

In the Manager, select the Identities > Basic configuration data > Password policies category.
Select the password policy in the result list.
Select the Assign objects task.
Click Add in Assignments and enter the following data.
- Apply to: Application scope of the password policy.
  
  To specify an application scope
  1. Click next to the field.
  2. Under Table, select the table that contains the basic objects. You have the following options:
    - Department: Departments.
    - Org: Business roles.
      
      NOTE: This table is only available if the Business Roles Module is installed.
    - Locality: Locations.
    - Profitcenter: Cost centers.
  3. Under Apply to, select the specific department, cost center, location, or business role.
  4. Click OK.
- Password column: Name of the password column. You have the following options:
  - Person - CentralPassword: Central password of the identity.
  - Person - DialogUserPassword: System user password of the identity.
  - Person - Passcode: Passcode of the identity.
- Password policy: Name of the password policy to use.
Save the changes.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center