Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 9.1 - Target System Base Module Administration Guide

Basic mechanisms for employee and user account administration The Unified Namespace

Employee's central user account

Table 2: Configuration parameter for forming the central user accounts
Configuration parameter Meaning

QER | Person | CentralAccountGlobalUnique

Specifies how the central user account is mapped.

If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems.

If the configuration parameter is not set, it is only formed uniquely related to the central user accounts of all employees.

The employee’s central user account is used to form the user account login name in the active system. The central user account is still used for logging into the One Identity Manager tools. In One Identity Manager default installation, the central user account is made up of the first and the last name of the employee. If only one of these is known, then it is used for the central user account. One Identity Manager checks to see if a central user account with that value already exists. If this is the case, an incremental number is added to the end of the value.

Table 3: Example of forming of central user accounts
First name Last name Central user account

Jo

 

JO

 

User1

J

Jo

User1

JOU

Jo

User2

JOU1

Related topics

Employee's default email address

The employee’s default email address is displayed on the mailboxes in the activated target system. In the One Identity Manager default installation, the default email address is formed from the employee’s central user account and the default mail domain of the active target system.

The default mail domain is determined using the QER | Person | DefaultMailDomain configuration parameter.

  • In the Designer, set the configuration parameter and enter the default mail domain name as a value.
Related topics

Changing employee main data

The following covers only the employee main data that affects the user account of an employee with the Full managed manage level if it is changed in the One Identity Manager default installation.

General changes

General changes refer to data changes relating to an employee’s telephone number, fax number, mobile telephone, street, postal, or ZIP code. This process changes the data in the target system to which the employees are assigned, assuming this data is mapped in the respective target systems.

Changing an employee’s name

Changes to an employee’s name influence how an employee’s central user account is set up. The central user account is made up of the employee’s first and last names according to the formatting rules. The central user account is used as a template for formatting user account login names in some target systems. When a user account is added, other overriding formatting rules control how, for example, the home and profile directories are formatted up from the central user account.

Employee job rotation inhouse

Job rotation is affected by changes to the company data location or department. In One Identity Manager, the administrative tasks for changing the target system specific IT operating data, for example, domains, home servers, or profile servers, are automated. There are other sub-processes for each target system due to system-dependent differences in the actions necessary for changing departments.

Related topics

Templates and processes for implementing account definitions

Only user account properties used in the script template TSB_ITDataFromOrg are available. Create custom templates using this script if you want to use different or additional properties than those in the default installation.

In the One Identity Manager default installation there is one process per target system type for creating user accounts through account definitions. These can be used as templates for the company-specific implementation of the method.

NOTE: Processes are defined in the One Identity Manager modules and are not available until the modules are installed.

The name of the process is formatted as follows:

<MMM>_PersonHasTSBAccountDef_Autocreate_<user account table>

where:

<MMM> = module ID

<user account table> = Table, in which the user account of the target system type is mapped.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation