Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.2 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program features One Identity Manager authentication modules OAuth 2.0 / OpenID Connect configuration Multi-factor authentication in One Identity Manager Authenticating other applications using OAuth 2.0/OpenID Connect Granular permissions for the SQL Server and database Installing One Identity Redistributable STS Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Application roles for target systems

NOTE: Application roles are dependent on the target system and are contained in One Identity Manager modules. Application roles are not available until the modules are installed.

The following application roles are available for target system administration:

Table 11: Application roles for target systems
Application role Tasks

Administrators

Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role:

  • Administer application roles for individual target system types.

  • Specify the target system manager.

  • Set up other application roles for target system managers if required.

  • Specify which application roles for target system managers are mutually exclusive.

  • Authorize other employees to be target system administrators.

  • Do not assume any administrative tasks within the target system.

Target system managers

Target system managers must be assigned to the Target systems | <target system> application role or a child application role.

NOTE: There is at least one application role per target system for target system managers. This application role is available if the target system module is installed.

Users with this application role:

  • Assume administrative tasks for the target system.

  • Create, change, or delete target system objects.

  • Edit password policies for the target system.

  • Prepare system entitlements to add to the IT Shop.

  • Can add employees who have another identity than the Primary identity.

  • Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager.

  • Edit the synchronization's target system types and outstanding objects.

  • Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

Target system managers for Unified Namespace

Target system managers must be assigned to the Target systems | Unified Namespace application role or a child application role.

Users with this application role:

  • Obtain view of the objects in the connected target systems across all target systems.

  • Can create reports across all target systems.

If the users are also target system managers of the basic underlying target systems, you can manage these target systems through the Unified Namespace.

Application roles for Universal Cloud Interface

NOTE: Application roles are available if the Universal Cloud Interface Module is installed.

The following application roles are available for managing cloud systems.

Table 12: Application roles for Universal Cloud Interface
Application role Tasks

Cloud administrators

Cloud administrators must be assigned to the Universal Cloud Interface | Administrators application role or a child application role.

Users with this application role:

  • Manage application roles for the Universal Cloud Interface.

  • Set up other application roles as required.

  • Configure synchronization in the Synchronization Editor and define the mapping for comparing cloud applications and One Identity Manager.

  • Edit cloud application in the Manager.

  • Edit pending, manual provisioning processes in the Web Portal and obtain statistics.

  • Obtain information about the cloud objects in the Web Portal and the Manager.

Cloud operators

The cloud operators must be assigned to the Universal Cloud Interface | Operators application role or a child application role.

Users with this application role:

  • Edit pending, manual provisioning processes in the Web Portal and obtain statistics.

Cloud auditors

The cloud auditors must be assigned to the Universal Cloud Interface | Auditors application role or a child application role.

Users with this application role:

  • Can view manual provisioning processes in the Web Portal and obtain statistics.

Application role for Privileged Account Governance

NOTE: This application role is available if the module Privileged Account Governance Module is installed.

Table 13: Application role for Privileged Account Governance
Application role Description

Asset and account owners

Owners of privileged objects, such as PAM assets, PAM asset accounts, PAM directory accounts, PAM asset groups, and PAM account groups must be assigned to an application role under the Privileged Account Governance | Asset and account owners application role.

Users with this application role:

  • Make decisions about requesting access requests for privileged objects.

  • Attest the possible user access to these privileged objects.

Application roles for Application Governance

NOTE: This application role is available if the module Application Governance Module is installed.

Table 14: Application roles for Application Governance
Application role Tasks

Administrators

Administrators must be assigned to the Application Governance | Administrators application role.

Users with this application role:

  • Create new business applications in the Web Portal.

  • Manage all business applications in the Web Portal.

Owner

The owners of business applications must be assigned to the Application Governance | Owners application role.

Users with this application role:

  • Can edit business applications that they manage in the Web Portal.

Approver

Approvers must be assigned to the Application Goverance | Approvers application role.

Users with this application role:

  • Approve requests for business application products.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation