Chat now with support
Chat mit Support

Identity Manager 9.1 - Administration Guide for Privileged Account Governance

About this guide Managing a Privileged Account Management system in One Identity Manager Synchronizing a Privileged Account Management system
Setting up the initial synchronization of a One Identity Safeguard Customizing the synchronization configuration for One Identity Safeguard Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing PAM user accounts and employees Managing assignments of PAM user groups Login information for PAM user accounts Mapping of PAM objects in One Identity Manager PAM access requests Handling of PAM objects in the Web Portal Basic data for managing a Privileged Account Management system Configuration parameters for managing a Privileged Account Management system Default project template for One Identity Safeguard Editing One Identity Safeguard system objects One Identity Safeguard connector settings Known issues about connecting One Identity Safeguard appliances

Contact information for PAM user accounts

On the Contact information tab, enter the following main data. You can only enter contact data that uses a local identity provider.

Table 23: Contact data for a user account

Property

Description

First name

The user’s first name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Last name

The user’s last name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Phone

Telephone number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Mobile phone

Mobile number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Email address

User account email address. If you assigned an account definition, the email address is made up of the employee’s default email address depending on the manage level of the user account.

Description

Text field for additional explanation.

Secondary authentication for PAM user accounts

If multi-factor authentication is required for the user, enter the following main data on the Secondary authentication tab.

Table 24: Secondary authentication of a user account

Property

Description

Secondary authentication

Second authentication provider for requesting multi-factor authentication by the user. All authentication providers that are allowed as secondary authentication providers (PAGAuthProvider table, AllowSecondaryAuth column).

Secondary authentication object

(Only for directory users) Character string for identifying the second authentication object for multi-factor authentication. The input depends on the selected secondary authentication provider.

If the secondary authentication of a user is performed using an Active Directory user account or an LDAP user account, you can select the user account.

To select a user account

  1. To do this, click next to the input field and enter the following information:

    • Table: Table in which the user accounts are mapped. This table is preselected.

      For an Active Directory user account, ADSAccount is selected. For an LDAP user account, LDAPAccount is selected.

    • Secondary authentication object: Select a user account.
  2. Click OK.

Login name

Login name of the PAM user account for secondary authentication.

Administrative entitlements for PAM user accounts

If necessary, on the Entitlements tab, enter the administrator entitlements of the user. For more information about administrative entitlements in One Identity Safeguard, see the One Identity Safeguard Administration Guide.

Table 25: Administrative entitlements for a user account

Administrative role

Description

Authorizer

Enables the user to grant permissions to other users.

User

Enables the user to create new users, and to approve and reset passwords for non-administrative users

Help Desk

Allows the user to create and approve passwords for non-administrative users.

Appliance

Allows the user to edit, update, and configure the appliance.

Operations

Allows the user to restart the appliance and to monitor the appliance.

Auditor

Allows the user read-only access.

Asset

Allows the user to add, edit, and delete partitions, assets, and accounts.

Directory

Allows the user to add, edit, and delete directories.

Security policy

Allows the user to add, edit, and delete entitlements and policies that control access to accounts and assets.

Personal password vault

Allows the user to add, edit, delete, share, and access a vault for personal passwords.

Related topics

Assigning extended properties to PAM user accounts

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

For more information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

To specify extended properties for a user account

  1. In the Manager, select the Privileged Account Management > User accounts category.

  2. Select the user account in the result list.

  3. Select Assign extended properties.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .

  5. Save the changes.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen