Entering master data for a group
Table 35: Configuration parameters for risk assessment of user accounts
QER | CalculateRiskIndex |
Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.
If the parameter is enabled, values for the risk index can be entered and calculated. |
Enter the following master data for a group.
Table 36: Entering master data for a group
Name |
Name of the group. |
Container |
Container in which to create the group. |
Target system |
The group's cloud target system |
Distinguished name |
Distinguished name of the group. |
Display name |
The display name is used to display the group in the One Identity Manager tools user interface. |
Group name |
Additional name for the group. |
Email address |
Group's email address |
Account manager |
Manager responsible for the group.
To specify an account manager
- Click next to the field.
- In the Table menu, select the table that maps the account manager.
- In the Account manager menu, select the manager.
- Click OK.
|
IT Shop |
Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles.
For more detailed information, see the One Identity Manager IT Shop Administration Guide. |
Only for use in IT Shop |
Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is not permitted. |
Service item |
Service item data for requesting the group through the IT Shop. |
Risk index |
Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is activated.
For more detailed information, see the One Identity Manager Risk Assessment Administration Guide. |
Category |
Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Select one or more categories from the menu.
For more detailed information, see the One Identity Manager Target System Base Module Administration Guide. |
Description |
Text field for additional explanation. |
Group type |
Name of the group type. This is only required if different group types are recognized in the cloud application. |
Resource type |
Type of resource, for example, Group. |
Detailed information about this topic
User-defined master data for a group
You can find customized data for a group on the Custom tab.
Table 37: User-defined master data for a group
Spare field no. 01- Spare field no. 05 |
Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields. |
Spare date no. 01- Spare date no. 03 |
Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields. |
Spare text no. 01- Spare text no. 05 |
Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields. |
Spare option no. 01 - Spare option no. 05 |
Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields. |
Assigning groups to user accounts
cloud groups can be assigned directly or indirectly to employees. In the case of indirect assignment, employees, and groups are arranged in hierarchical roles. The number of groups assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to hierarchical roles and that employee owns a cloud user account, this user account is added to the cloud group. Prerequisites for indirect assignment of employees to user accounts:
- Assignment of employees and cloud groups is permitted for role classes (departments, cost centers, locations, or business roles).
- Cloud user accounts are marked with the Groups can be inherited option.
- Cloud user accounts and cloud groups belong to the same target system.
Furthermore, cloud groups can be assigned to employees through IT Shop requests. So that groups can be assigned using IT Shop requests, employees are added to a shop as customers. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.
For more detailed information about inheriting company resources, see the One Identity Manager Identity Management Base Module Administration Guide.
Detailed information about this topic
Assigning groups to departments, cost centers, and locations
Assign groups to departments, cost centers, and locations in order to assign user accounts to them through these organizations.
To assign a group to departments, cost centers, or locations (non role-based login)
-
In the Manager, select the Cloud Target Systems | <target system> | Groups category.
-
Select the group in the result list.
-
Select the Assign organizations task.
-
In the Add assignments pane, assign the organizations:
-
On the Departments tab, assign departments.
-
On the Locations tab, assign locations.
-
On the Cost centers tab, assign cost centers.
TIP: In the Remove assignments pane, you can remove assigned organizations.
To remove an assignment
- Select the organization and double-click .
- Save the changes.
To assign groups to a department, cost center, or location (role-based login)
-
In the Manager, select the Organizations | Departments category.
- OR -
In the Manager, select the Organizations | Cost centers category.
- OR -
In the Manager, select the Organizations | Locations category.
-
Select the department, cost center, or location in the result list.
-
Select the Assign cloud groups task.
-
In the Add assignments pane, assign groups.
TIP: In the Remove assignments pane, you can remove the assignment of groups.
To remove an assignment
- Select the group and double-click .
- Save the changes.
Related topics