Chat now with support
Chat mit Support

Identity Manager 9.1 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Device networking data

Enter the following information for the network configuration. The main data available depends on the selected device model.

Table 51: Network data
Property Description

IP address (IPv4)

IP address in IPv4 format.

IP address (IPv6)

IP address in IPv6 format.

Use DHCP

Specifies whether the IP address is taken from a DHCP server. If this option is not set, enter a fixed IP address and enter the subnet mask and standard gateway.

Subnet mask

Subnet mask.

Default gateway

Default gateway.

Use WINS

Specifies whether WINS name resolution is used. If this option is set, enter the IP addresses of the preferred and the alternative WINS server.

WINS primary

IP address of the preferred WINS server.

WINS secondary

IP address of the alternative WINS server.

Range ID

To communicate worth one another, all computers require a TCP/IP network with the same area ID. The area ID is used for identification when the given DNS sever cannot be found. Normally, this input should be left empty.

Use DNS

Specifies whether WINS name resolution is used. If this option is set, enter the IP address of the preferred and the alternative DNS server.

DNS server

IP address of the preferred DNS server.

2. DNS server

IP address of the alternative DNS server.

3. DNS server

IP address of the alternative DNS server.

DNS name

Suffix of DNS domain the device belongs to.

DNS host name DNS name of the computer.

Remote boot

Specifies whether this device uses remote booting. The property is available if the Hardware | Display | MachineWithRPL configuration parameter is set.

Remote boot type

Data for the remote boot type. The property is available if the Hardware | Display | MachineWithRPL configuration parameter is set.

Assigning company resources to devices

One Identity Manager uses different assignment types to assign company resources.

  • Indirect assignment

    In the case of indirect assignment of company resources, employees, devices, and workdesks are arranged in departments, cost centers, locations, business roles, or application roles. The total of assigned company resources for an employee, device, or workdesk is calculated from the position within the hierarchies, the direction of inheritance (top-down or bottom-up) and the company resources assigned to these roles. In the Indirect assignment methods a difference between primary and secondary assignment is taken into account.

  • Direct assignment

    Direct assignment of company resources results from the assignment of a company resource to an employee, device, or workdesk, for example. Direct assignment of company resources makes it easier to react to special requirements.

  • Assignment by dynamic roles

    Assignment through dynamic roles is a special case of indirect assignment. Dynamic roles are used to specify role memberships dynamically. Employees, devices, and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees, devices, or workdesks fulfill these conditions. This means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a department in this way; if an employee leaves the department they immediately lose the resources assigned to them.

The following table shows the possible company resources assignments to devices.

NOTE: Company resources are defined in One Identity Manager modules and are not available until the modules are installed.

Table 52: Possible assignments of company resources to devices
Company resources Direct assignment permitted Indirect assignment permitted Comment

Active Directory groups

- +

All Active Directory computers that reference this device are added to Active Directory groups.

LDAP groups

- +

All LDAP computers that reference this device are added to LDAP groups.

NOTE: Devices also obtain company resources from their workdesks.

Detailed information about this topic
Related topics

Assigning devices to departments, cost centers, and locations

Assign devices to departments, cost centers, and locations so that they obtain company resources through these organizations. To assign company resources to departments, cost centers, and locations, use the appropriate organization tasks.

To assign a device to departments, cost centers, and locations (secondary assignment; default method)

  1. In the Manager, select the Device & Workdesks > Basic configuration data > <filter> category.

  2. Select the device in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign a device to departments, cost centers, and locations (primary assignment)

  1. In the Manager, select the Device & Workdesks > Basic configuration data > <filter> category.

  2. Select the device in the result list.

  3. Select the Change main data task.

  4. Adjust the following main data:

    • Primary department: Department to which the device is assigned.

    • Primary cost center: Cost center to which the device is assigned.

    • Primary location: Location to which the device is assigned.

  5. Save the changes.

Related topics

Assigning devices to business roles

NOTE: This function is only available if the Business Roles Module is installed.

Assign devices to business roles such that the devices obtain company resources through these business roles. To assign company resources to business roles use the corresponding business role tasks. For more information about working with business roles, see the One Identity Manager Business Roles Administration Guide.

To assign a device to business roles (secondary assignment; default method)

  1. In the Manager, select the Device & Workdesks > <filter> category.

  2. Select the device in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, select the role class and assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

To assign a device to business roles (primary assignment)

  1. In the Manager, select the Device & Workdesks > <filter> category.

  2. Select the device in the result list.

  3. Select the Change main data task.

  4. In the Primary business role menu, select the business role to assign to the device.

  5. Save the changes.

Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen