Chatee ahora con Soporte
Chat con el soporte

Identity Manager 8.2 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Effective configuration parameters for setting up employees Configuration parameters for managing devices and workdesks

Main data for dynamic roles

Enter the following data for a dynamic role.

Table 6: Dynamic role main data
Property Description

Role/Organization

Role (department, cost center, location, business role, IT Shop node, application node) referenced by the dynamic role. This data is preset with the selected role.

Object class

Object class that the dynamic role applies to. Choose between Person, Hardware, and Workdesk.

NOTE: The combination of object class and role must be unique. It is not possible that two dynamic roles from the same object class to refer to one role.

Dynamic role

Name of the dynamic role.

Calculation schedule

Schedule, which triggers cyclical recalculation of the role membership.

In the default installation of One Identity Manager, the Dynamic roles check schedule is already defined. All dynamic role memberships are checked using this schedule and recalculation requests are sent to the DBQueue Processor if necessary.

Use the Designer to customize schedules or set up new ones to meet your requirements. For more information, see the One Identity Manager Operational Guide.

Description

Text field for additional explanation.

Condition

Defines which objects of the object class become members of the selected role. For more information, see Tips about conditions for dynamic roles.

No recalculation of assignments

Specifies whether to recalculate role memberships. If the option is enabled, role memberships will not be recalculated automatically. Existing role memberships remain as they are.

For more information about using the WHERE clause wizard and the filter designer, see the One Identity Manager User Guide for One Identity Manager Tools User Interface.

Related topics

Excluding employees from dynamic roles

Employees can excluded automatically from dynamic roles on he basis of a denied attestation or a rule violation. An excluded list is maintained to do this. Excluded lists can also be defined for individual employees.

To add an employee to the excluded list

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Exclude employees task.

  5. Click Add and select the employee from the Employee menu.

  6. (Optional) Enter a reason for the exclusion.

  7. Save the changes.

Related topics

Removing employees from the exclusion list

To remove an employee from the exclusion list

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Exclude employees task.

  5. Select the employee and click Remove.

  6. Save the changes.

Related topics

Main data of exclude lists for dynamic roles

The following main data is displayed for a employee in the exclusion list of a dynamic role.

Table 7: Main data of exclude lists for dynamic roles

Property

Description

Employee

Unique identifier of the excluded employee.

Description

Reason for excluding the employee. If the employee is excluded because attestation was denied or due to a rule violation, a standard reason is entered here.

Condition not applicable

Specifies whether the dynamic role condition applies to the excluded person. If the option is disabled, the condition applies.

TIP: If the option is enabled, the employee can be removed from the exclusion list. For more information, see Removing employees from the exclusion list.

Not assigned by dynamic role

Specifies whether the excluded employee is still assigned to the role by another way.

Employees can, in addition, also become members of the role directly or by assignment request or delegation. The exclusion list does not influence these assignments.

Related topics
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación