Enter the location's network configuration data.
| Property | Description |
|---|---|
|
IP offset |
IP offset of the location. |
|
Subnet mask |
Subnet mask of the location. |
Basics for mapping company structures in One Identity Manager
Hierarchical role structure basic principles
Basic principles for assigning company resources
Dynamic roles
Direct company resource assignments
Indirect company resource assignments
Assigning company resources through dynamic roles
Assigning company resources through IT Shop requests
Basics of calculating inheritance
Preparing hierarchical roles for company resource assignments
Possible assignments of company resources through roles
Permitting assignments of employees, devices, workdesks, and company resources to roles
Blocking inheritance using roles
Preventing employees, devices, or workdesks from inheriting individual roles
Preventing inheritance to individual employees, devices, or workdesks
Inheritance exclusion: Specifying conflicting roles
Creating and editing dynamic roles
Tips about conditions for dynamic roles
Testing dynamic role conditions
Calculating role memberships for dynamic roles
Departments, cost centers, and locations
Schedules for calculating dynamic roles
Excluding employees from dynamic roles
Displaying the dynamic role overview
Main data for dynamic roles
Creating and editing dynamic role schedules
Starting dynamic role schedules immediately
Assigning dynamic roles to schedules
Calculating dynamic roles immediately if objects change
Calculating role memberships for dynamic roles immediately
Excluding dynamic roles from recalculation
One Identity Manager users for managing departments, cost centers, and locations
Basic information for departments, cost centers, and locations
Employee administration
Role classes for departments, cost centers, and locations
Role types for departments, cost centers, and locations
Creating and editing departments
Creating role types for departments, cost centers, and locations
Assigning role classes to role types for departments, cost centers, and locations
Functional areas for departments, cost centers, and locations
Attestors for departments, cost centers, and locations
Approvers and approvers (IT) for departments, cost centers, and locations
General main data for departments
Contact data for departments
Functional area and risk assessment for departments
Creating and editing cost centers
Creating and editing locations
General main data for locations
Location address information
Configuring location networks
Directions to location
Functional area and risk assessment for locations
Setting up IT operating data for departments, cost centers, and locations
Assigning employees, devices, and workdesks to departments, cost centers, and locations
Assigning company resources to departments, cost centers, and locations
Creating dynamic roles for departments, cost centers, and locations
Dynamic roles with incorrectly excluded employees
Assign organizations
Specifying inheritance exclusion for departments, cost centers, and locations
Assigning extended properties to departments, cost centers, and locations
Reports about departments, cost centers, and locations
One Identity Manager users for employee administration
Basic data for employee main data
Managing devices and workdesks
Creating and editing business partners for external employees
Mail templates for notifications about employees
Employee's central user account
Employee's default email address
Employee's central password
Mapping multiple employee identities
Password policies for employees
Predefined password policies
Applying employee password policies
Changing the password policy for password columns
Assigning password policies to departments, cost centers, locations, and business roles
Editing password policies for employees
Creating password policies for employees
General main data for password policies
Password policy settings
Character classes for passwords
Custom scripts for password requirements
Defining the excluded list for passwords
Checking employee passwords
Generating passwords for testing employees
Informing employees about expiring passwords
Displaying locked employees and system users
Creating and editing employees
General employee main data
Organizational employee main data
Address data for employees
Miscellaneous employee main data
Disabling and deleting employees
Temporarily deactivating employees
Permanently deactivating employees
Reactivate permanently deactivated employees
Deferred deletion of employees
Deleting all employee related data
Limited access to One Identity Manager
Changing the certification status of employees
Assigning company resources to employees
Assigning employees to departments, cost centers, and locations
Assigning employees to business roles
Adding employees to IT Shop custom nodes
Assigning application roles to employees
Assigning resources directly to employees
Assigning software directly to employees
Assigning system roles directly to employees
Assigning subscribable reports directly to employees
Displaying the origin of employees' roles and entitlements
Analyzing role memberships and employee assignments
Displaying the employees overview
Displaying and deleting employees' Webauthn security keys
Determining the language for employees
Determining employees working hours
Manually assigning user accounts to employees
Entering calls for employees
Assigning extended properties to employees
Employee reports
Basic data for device admin
Managing resources
Creating and editing device models
Creating and editing business partners
Creating and editing device statuses
Creating and editing workdesk statuses
Creating and editing workdesk types
Creating and editing devices
Assigning company resources to devices
Displaying the device overview
Entering service agreements and calls for devices
Creating and editing workdesks
General main data of workdesks
Location information for workdesks
Additional information for workdesks
Assigning company resources to workdesks
Assigning workdesks to departments, cost centers, and locations
Assigning workdesks to business roles
Assigning software directly to workdesks
Assigning system roles directly to workdesks
Displaying the workdesk overview
Assigning devices to workdesks
Assigning workdesks to employees
Entering calls for workdesks
Asset data for devices
One Identity Manager users for managing resources
Basic data for resources
Creating and editing resources
Main data for resources
Assigning resources to employees
Setting up extended properties
Assigning resources to departments, cost centers, and locations
Assigning resources to business roles
Assigning resources directly to employees
Adding resources to the IT Shop
Adding resources in system roles
Displaying the resources overview
Assigning extended properties to resources
Creating and editing multi-request resources
Assigning multi-request resources to employees
Adding multi-request resources to the IT Shop
Displaying the multi-request resource overview
Reports about resources
One Identity Manager users for managing extended properties
Creating property groups for extended properties
Creating and editing extended properties
Main data for extended properties
Assigning extended properties to property groups
Assigning additional property groups to extended properties
Specifying scope limits for extended properties
Displaying the extended properties overview
Assigning objects to extended properties
Configuration parameters for managing departments, cost centers, and locations
Configuration parameters for managing employees
Configuration parameters for managing devices and workdesks
Configuring location networks
Directions to location
Enter another address and a description of the way to reach the location. Use the 
| Property | Description |
|---|---|
|
Visitors address |
Location address for visitors. |
|
Travel directions |
Travel directions to the location. |
Functional area and risk assessment for locations
Here, you can enter values to classify a location for analyzing the risk of a location in the context of identity audit.
| Property | Description |
|---|---|
|
Functional area |
Location's function area. This data is required for location's risk assessment. |
|
Risk index (calculated) |
A risk index is calculated for the location risk assessment based on assigned company resources. This field is only visible if the QER | CalculateRiskIndex configuration parameter is set. For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
|
Transparency index |
Specifies how well you can trace location assignments. Use the slider to enter a value between 0 and 1. 0: no transparency 1: full transparency |
|
Max. number of rule violations |
Number of rule violations allowed in this location. The value can be evaluated when compliance rules are checked. For more information, see the One Identity Manager Compliance Rules Administration Guide. NOTE: This property is only available if the Compliance Rules Module is installed. |
|
Turnover for this unit |
Turnover for this location. |
|
Earnings for this unit |
Earnings for this location. |
Related topics
Setting up IT operating data for departments, cost centers, and locations
To create user accounts with the Full managed manage level, the required IT operating data must be determined. The operating data required to automatically supply an employee with IT resources is shown in the departments, locations, or cost centers. An employee is assigned a primary location, primary department, or primary cost center. The necessary IT operating data is ascertained from these assignments and used in creating the user accounts. Default values are used if valid IT operating data cannot be found over the primary roles.
You can also specify IT operating data directly for a specific account definition.
Example:
Normally, each employee in department A obtains a default user account in the domain A. In addition, certain employees in department A obtain administrative user accounts in the domain A.
For more information, see the One Identity Manager Target System Base Module Administration Guide.
To define IT operating data
-
In the Manager, select the Organizations > <role class> category.
-
Select the role in the result list.
-
Select the Edit IT operating data task.
-
Click Add and enter the following data.
-
Effects on: Specify an IT operating data application scope. The IT operating data can be used for a target system or a defined account definition.
To specify an application scope
-
Click
next to the field.
-
Under Table, select the table that maps the target system for select the TSBAccountDef table or an account definition.
-
Select the specific target system or account definition under Effects on.
-
Click OK.
-
-
Column: Select the user account property for which the value is set.
In the menu, you can select the columns that use the TSB_ITDataFromOrg script in their template.
-
Value: Enter a fixed value to assign to the user account's property.
-
- Save the changes.
It operating data for target systemsThe IT operating data necessary in the One Identity Manager default configuration for automatically creating or changing employee user accounts and mailboxes in the target system is itemized in the following table.
NOTE: IT operating data is dependent on the target system and is contained in One Identity Manager modules. The data is not available until the modules are installed.
| Target system type | IT operating data |
|---|---|
|
Active Directory |
Container |
|
Home server | |
|
Profile server | |
|
Terminal home server | |
|
Terminal profile server | |
| Groups can be inherited | |
|
Identity | |
| Privileged user account | |
|
Microsoft Exchange |
Mailbox database |
|
LDAP |
Container |
| Groups can be inherited | |
|
Identity | |
| Privileged user account | |
|
Domino |
Server |
|
Certificate | |
|
Template for mail file | |
|
Identity | |
|
SharePoint |
Authentication mode |
| Groups can be inherited | |
|
Roles can be inherited | |
|
Identity | |
| Privileged user account | |
|
SharePoint Online |
Groups can be inherited |
|
Roles can be inherited | |
|
Privileged user account. | |
| Authentication mode | |
|
Custom target systems |
Container (per target system) |
| Groups can be inherited | |
|
Identity | |
| Privileged user account | |
|
Azure Active Directory |
Groups can be inherited |
|
Administrator roles can be inherited | |
|
Subscriptions can be inherited | |
|
Disabled service plans can be inherited | |
|
Identity | |
| Privileged user account | |
|
Change password at next login | |
|
Cloud target system |
Container (per target system) |
| Groups can be inherited | |
|
Identity | |
| Privileged user account | |
|
Unix-based target system |
Login shell |
| Groups can be inherited | |
|
Identity | |
| Privileged user account | |
|
Oracle E-Business Suite |
Identity |
|
Groups can be inherited | |
|
Privileged user account. | |
|
SAP R/3 |
Identity |
|
Groups can be inherited | |
|
Roles can be inherited | |
|
Profiles can be inherited | |
|
Structural profiles can be inherited | |
|
Privileged user account. | |
|
Exchange Online |
Groups can be inherited |
|
Privileged Account Management |
Authentication provider |
|
Identity | |
|
Groups can be inherited | |
|
Privileged user account | |
|
Google Workspace |
Organization |
|
Identity | |
|
Groups can be inherited | |
|
Products and SKUs can be inherited | |
|
Admin roles assignments can be inherited | |
|
Privileged user account. | |
|
Change password at next login | |