Auditing – Active Directory (page description)
To open the Auditing - Active Directory page go to Responsibilities > Auditing > Active Directory.
On the Auditing - page, you can see all the Active Directory groups (see Active Directory).Displaying all system entitlements
If you click Show details in an Active Directory group's details pane, a new page opens (see Auditing - Roles and permissions: Active Directory group (page description)) that contains more information and configuration options for the Active Directory group.
The following tables give you an overview of the various features and content on the Auditing - Active Directory page.
Table 677: Controls
Select an identity |
Use this feature to select an identity so that only the Active Directory groups they manage are shown (see Displaying all system entitlements). |
Table 679: Columns
Display |
Shows the Active Directory group's name. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
Auditing - Roles and permissions: Active Directory group (page description)
To open the Auditing - Roles and entitlements: Active Directory group page go to Responsibilities > Auditing > Active Directory > Show details.
On the Auditing - Roles and entitlements: Active Directory group page, you can access various information about the selected Active Directory group.
To do this, click on one of the tiles:
Overview – Active Directory group (page description)
To open the Overview - Active Directory group page go to Responsibilities > Auditing > Active Directory > Show details > Overview.
On the Overview – Active Directory group page, you can see all the information relevant to the Active Directory group summarized in an overview (see Displaying system entitlement overviews).
This information is displayed as shapes. For more information, click on the links inside one of the shapes.
Main data – Active Directory group (page description)
To open the Main data – Active Directory group page go to Responsibilities > Auditing > Active Directory > Show details > Main data.
On the Main data – Active Directory group page, you can see the Active Directory group's main data (see Displaying system entitlement main data).
Enter the following main data:
Table 681: Active Directory group main data
Name |
Shows you the full, descriptive name of the Active Directory group. |
Canonical name |
Shows you the automatically generated canonical name of the Active Directory group. |
Distinguished name |
Shows you the automatically generated distinguished name of the Active Directory group. |
Display name |
Shows you the name of the Active Directory group used to display Active Directory group in the One Identity Manager tools. |
Container |
Shows you the parent container of the Active Directory group. |
Service item |
Shows you the assigned service items. |
Category |
Shows you the category for Active Directory group inheritance.
User accounts can inherit Active Directory groups selectively. To do this, Active Directory groups and user accounts are divided into categories. |
Description |
Shows you the Active Directory group's description. |
Risk index |
Shows you the configured risk index.
This value specifies the risk of assigning this Active Directory group to a user account.
For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
IT shop |
Shows you whether the Active Directory group can be requested in the IT Shop. If set, the Active Directory group can be requested by identities through the Web Portal and allocated by defined approval processes. The Active Directory group can still be assigned directly to identities and hierarchical roles.
For detailed information about IT Shop, see the One Identity Manager IT Shop Administration Guide. |
Only use in IT Shop |
Shows you whether the Active Directory group can only be requested through the IT Shop. If set, the Active Directory group can be requested by identities through the Web Portal and allocated by defined approval processes. You cannot assign an Active Directory group to hierarchical roles directly. |