Enter the following data on the General tab.
Property | Description |
---|---|
Host |
The user account's host. |
Employee |
Employee that uses this user account. An employee is already entered if the user account was generated by an account definition. If you create the user account manually, you can select an employee in the menu. If you are using automatic employee assignment, an associated employee is found and added to the user account when you save the user account.
You can create a new employee for a user account with an identity of type Organizational identity, Personalized administrator identity, Sponsored identity, Shared identity, or Service identity. To do this, click next to the input field and enter the required employee main data. Which login data is required depends on the selected identity type. |
No link to an employee required |
Specifies whether the user account is intentionally not assigned an employee. The option is automatically set if a user account is included in the exclusion list for automatic employee assignment or a corresponding attestation is carried out. You can set the option manually. Enable the option if the user account does not need to be linked with an employee (for example, if several employees use the user account). If attestation approves these user accounts, these user accounts will not be submitted for attestation in the future. In the Web Portal, user accounts that are not linked to an employee can be filtered according to various criteria. |
Not linked to an employee |
Indicates why the No link to an employee required option is enabled for this user account. Possible values:
|
Account definition |
Account definition through which the user account was created. Use the account definition to automatically fill user account main data and to specify a manage level for the user account. One Identity Manager finds the IT operating data of the assigned employee and enters it in the corresponding fields in the user account. NOTE: The account definition cannot be changed once the user account has been saved. NOTE: Use the user account's Remove account definition task to reset the user account to Linked status. This removes the account definition from both the user account and the employee. The user account remains but is not managed by the account definition anymore. The task only removes account definitions that are directly assigned (XOrigin=1). |
Manage level |
Manage level of the user account. Select a manage level from the menu. You can only specify the manage level can if you have also entered an account definition. All manage levels of the selected account definition are available in the menu. |
Login shell |
Shell that is run if a user logs in to Unix using a terminal-based login. |
User name |
Name of the user account for logging in to a Unix host. If an account definition is assigned, this field is automatically filled with the employee's central user account depending on the manage level. |
User ID |
User ID for the user account in the Unix host. |
Password |
Password for the user account. The employee’s central password can be mapped to the user account password. For detailed information about an employee’s central password, see One Identity Manager Identity Management Base Module Administration Guide. If you use a random generated initial password for the user accounts, it is automatically entered when a user account is created. The password is deleted from the database after publishing to the target system. NOTE: password policies are taken into account when a user password is being verified. Ensure that the password policy does not violate the target system's requirements. |
Password confirmation |
Reconfirm password. |
Primary group ID | Identifier of the user account's primary group. |
Primary group |
Name of the user account's primary group. This defines the group ownership of files created by the user. A user account's primary group is determined as follows:
|
Home directory |
The user's full home directory path. For example, /home/user001. |
Risk index (calculated) |
Maximum risk index value of all assigned |
Category |
Categories for the inheritance of groups by the user account. Groups can be selectively inherited by user accounts. To do this, groups and user accounts or contacts are divided into categories. Select one or more categories from the menu. |
Comment (GECOS) |
Text field for additional explanation. Additional information about the user account, which is found in the GECOS in /etc/password. If an account definition is assigned, this field is automatically filled with the employee's internal name depending on the manage level. |
Identity |
User account's identity type Permitted values are:
|
Groups can be inherited |
Specifies whether the user account can inherit groups through the linked employee. If the option is set, the user account inherits groups through hierarchical roles, in which the employee is a member, or through IT Shop requests.
|
Privileged user account |
Specifies whether this is a privileged user account. |
Related topics
- Account definitions for Unix user accounts
- Assigning employees automatically to Unix user accounts
- Password policies for Unix user accounts
- Initial password for new Unix user accounts
- Unix group inheritance based on categories
- Supported user account types
- General main data of Unix hosts
- Disabling AIX system user accounts
- Prerequisites for indirect assignment of Unix groups to Unix user accounts