Name |
Name of the group. The group identifier is used to form the group name for previous group name (pre Win2000) versions. |
Domain |
Domain in which to create the group. |
Container |
Container in which to create the group. |
Distinguished name |
Distinguished name of the group. The distinguished name is determined by template from the name of the group and the container and cannot be edited. |
Display name |
The display name is used to display the group in the One Identity Manager tools user interface. |
Group name (pre Win2000) |
Name of the group for the previous versions. The group name is taken from the group identifier. |
Structural object class |
Structural object class representing the object type. By default, you set up groups in One Identity Manager with the object class GROUP. |
Object class |
List of classes defining the attributes for this object. The object classes listed are read in from the database during synchronization with the Active Directory environment. However, in the input field, you can add object classes and auxiliary classes that are used by other LDAP and X.500 directory services. |
Account manager |
Manager responsible for the group.
To specify an account manager
- Click next to the field.
- In the Table menu, select the table that maps the account manager.
- In the Account manager menu, select the manager.
- Click OK.
|
Group manager can update members list. |
Specifies whether the account manager can change the memberships for this group. |
Protected from accidental deletion |
Specifies whether to protect the group against accidental deletion. If the option is set, the permissions for deleting the group are removed in Active Directory. The group cannot be deleted or moved. |
Email address |
Group's email address |
Risk index |
Value for evaluating the risk of assigning the group to user accounts. Set a value in the range 0 to 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is activated.
For more information, see the One Identity Manager Risk Assessment Administration Guide. |
Category |
Categories for group inheritance. Groups can be selectively inherited by user accounts and contacts. To do this, groups and user accounts or contacts are divided into categories. Select one or more categories from the menu. |
Description |
Text field for additional explanation. |
Remark |
Text field for additional explanation. Abbreviations for combinations of group type and group area are added in the comment and should not be changed. |
Security group |
Group type. Authorizations are issued through security groups. User accounts, computers, and other groups are added to security groups and which makes administration easier. Security groups are also used for email distribution groups. |
Distribution group |
Group type. Distribution groups can be used as email distribution groups. Distribution groups do not have any security. |
Universal group |
Group scope. Universal groups can be used to make cross-domain authorizations available. Universal group members can be user accounts and groups from all domains in one domain structure. |
Local group |
Group scope. Local groups are used when authorizations are issued within the same domain. Members of a domain local group can be user accounts, computers, or groups in any domain. |
Global group |
Group scope. Global groups can be used to make cross-domain authorizations available. Members of a global group are only user accounts, computers, and groups belonging to the global group’s domain. |
IT Shop |
Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles. |
Only for use in IT Shop |
Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is not permitted. |
Service item |
Service item data for requesting the group through the IT Shop. |
Read-only memberships |
Specifies whether the memberships are read-only. The memberships are regulated by the target system. Manual changes to memberships in One Identity Manager are not permitted. |