
Identity Manager 8.1.4 - Identity Management Base Module Administration Guide


General employee master data

Enter the following general master data for an employee. This data applies to personal and job-related employee data.

Table 31: General master data

Property

Description

First name

Employee's first name.

Last name

Employee's last name.

Middle name

Second middle name.

Form of address

Employee's form of address. This is automatically set depending on gender.

Title

Employee's title.

Surname prefix

Employee's surname prefix, for example du, or von.

Preferred name

Employee's preferred name.

Initials

Employee's initials. These are automatically taken from first and last names.

Gender

Employee's gender.

Date of birth

Employee's date of birth.

Name at birth

Employee's name at birth.

Job description

Description of employee's job within your company.

Generational affix

Affix, for example Senior or Junior.

Language

Language used for sending email notifications to the employee. This setting is also used for Web Portal's display.

Language for value formatting

Language used to display values, for example, date, time, or number formats. The setting is taken into account when email notifications are sent to the employee. This setting is also used for Web Portal's display.

Sub-organization

Note about sub-organizations to which the employee belongs.

Permanently disabled

Specifies whether the employee is currently employed by the company. If this option is set, the employee has left the company. All privileges as One Identity Manager user are removed.

Certification status

Specifies whether the employee master data was approved by the employee's manager. Certification status is set through certification procedures. The following certification statuses are permitted:

• New: The employee was newly added to the One Identity Manager database.
• Certified: The employee master data has been approved by the manager.
• Denied: The employee master data was not approved by the manager. The employee is permanently disabled.

VIP

Labels the employee as important.

Security risk

Specifies whether the employee is considered a risk for the company. Depending on how you configure this, you can prevent employees with this label from inheriting resources and permissions and have their user accounts locked.

No inheritance

Specifies whether the employee inherits company resources through roles. If this option is set, the employee cannot inherit. Company resources the employee receives through IT Shop requests are not assigned either. Direct assignments remain intact.

If the configuration parameter QER | Attestation | UserApproval is set, this option is set depending on the option Disabled permanently. If the employee is permanently disabled, the option No inheritance is set through a formatting rule.

External

Specifies whether the employee is employed internally or externally by your company. If this option is set, the employee is external. External employees are excluded from automatic account definition assignment in the default version of One Identity Manager.

Employee type

More accurate classification of the employee taking their contractual relationship with the company into account. Permitted values are Employee, Apprentice, Contractor, Consultant, Partner, Customer, Other.

Contact email address

Email address to which the registration link is sent when a new user account is created using the Self-Registration Web Portal.

Company

Enter a company. Use the button next to the field to add a new company.

Workdesk

Employee's workdesk.

Risk index (calculated)

A risk index is calculated to evaluate the risk of an employee based on their permissions. An employee's risk index is determined from the risk indexes of their user accounts. This field is only visible if the QER | CalculateRiskIndex configuration parameter is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Description

Text field for additional explanation.

Comment

Text field for additional explanation.

Spare field no. 01 ... Spare field no. 10

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.


Organizational employee master data

Enter the following general master data for an organization.

Table 32: Organizational master data

Property

Description

Personnel number

Employee's personnel number.

Primary department

Department to which the employee is primarily assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured accordingly.

Furthermore, IT operating data for user accounts and mailboxes can be determined through the department.

Primary cost center

Cost center to which the employee is primarily assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured accordingly.

Furthermore, IT operating data for user accounts and mailboxes can be determined through the cost center.

Primary business roles

Business role to which the employee is assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured accordingly.

Furthermore, IT operating data for user accounts and mailboxes can be determined through the business role.

NOTE: This property is available if the Business Roles Module is installed.

Security identification

Security code for the employee, for example, for access permission.

User account creation date

Date on which to create the user account in the target system. This date should be earlier than the entry date. Use custom processes to automatically create user accounts in One Identity Manager on this date.

Entry date

Date the employee started at the company. This is filled with the current date when the employee is added.

End date

Date the employee leaves the company. Enter an end date for the employee to lock their user account at a specific point in time. The end date is checked regularly by the schedule Lock accounts of employees that have left the company. When the end date arrives, the employee is blocked.

Company member

Additional information about the employee’s affiliation.

Temporarily disabled

Specifies whether the employee is temporarily absent from the company. If this option is set, enter the time period for the temporary absence.

Temporarily disabled from

Date from which the employee and associated user accounts are disabled.

Temporarily disabled until

Date until which the employee and associated user accounts are disabled. The schedule Enable temporarily disabled accounts monitors the end date of the temporary deactivation. When this date is reached, the employee and their user accounts are re-enabled.

Last working day

Change the date of the last working day if, for example, an employee leaves the company on a specific day but access to their data should remain available for longer.

NOTE: The date of the last working day is copied to the employee’s user accounts as the expiration date. This overwrites the existing account expiration date.

Manager

An employee’s manager can assume several tasks in One Identity Manager such as:

• Edit employee master data for their staff
• Certify employee master data for their staff
• Attest company resources assigned to their staff
• Approve requests for their staff in the IT Shop

Employees cannot be assigned as their own manager.

Sponsor

When a new employee is added through the Web Portal, you can make additional notes like the manager or sponsor.


Address data

Enter the following data for an employee, which describes the employee's location in the company.

Table 33: Address data

Property

Description

Primary location

Location to which the employee is primarily assigned. The employee can obtain company resources through this assignment if One Identity Manager is configured accordingly.

Furthermore, IT operating data for user accounts and mailboxes can be determined through the location.

Phone

Employee's telephone number.

Mobile phone

Employee's mobile number.

Fax

Employee's fax number.

Display in phone book

Specifies whether the employee can be shown in the telephone book.

Street

Street or road.

Building

Building.

Office mailbox

Office mailbox.

Zip code

Zip code.

City

City.

Country

Country. You require this to determine the employee's language and working hours. This data is usually stored with the employee's location or department data. You can also enter it directly in the employee's data. This setting is also used for Web Portal's display.

State

State. You require this to determine the employee's language and working hours. This data is usually stored with the employee's location or department data. You can also enter it directly for the employee.

Floor

Floor.

Room

Room.

Image

You can import a picture of the employee into the database. To do this, use the button next to the picture box to browse for the image to be displayed.


Miscellaneous employee master data

Enter the following general master data for an employee. This data applies to the target system login, identities, One Identity Manager login data, and employee import data.

Table 34: Miscellaneous master data

Property

Description

Central user account

One Identity Manager user identifier. In the One Identity Manager default installation, the central user account is made up of the first and the last name of the employee. An employee’s central user account affects the composition of user accounts in each target system. The central user account is also used for logging in to the One Identity Manager tools.

Central SAP user account

Name used to form the user account name in the SAP R/3 target system. In the One Identity Manager default installation, the central user account is made up of the first and the last name of the employee.

NOTE: This property is only available if the SAP R/3 User Management Module is installed.

E-Business Suite user account

Name used to form the user account name in the Oracle E-Business Suite target system. In the One Identity Manager standard installation, the E-Business Suite user account is formed from the employee's central user account.

NOTE: This property is only available if the Oracle E-Business Suite Module is installed.

E-Business Suite ID

Unique ID for the HR employee, the AP customer, the AP supplier or the AR parties in the Oracle E-Business Suite.

NOTE: This property is only available if the Oracle E-Business Suite Module is installed.

E-Business Suite employee ID

Personnel number of the HR employee in the Oracle E-Business Suite.

NOTE: This property is only available if the Oracle E-Business Suite Module is installed.

Central password and password confirmation

An employee's central password can be used for logging in to the target systems and for logging in to One Identity Manager. Depending on the configuration, an employee's central password is replicated to their user accounts and their system user password.

Default email address

Default email address for setting up the employee's inboxes in the individual target systems. This data is absolutely necessary for automatically creating mailboxes. In the One Identity Manager standard installation, the default email address is composed of the employee’s central user account and the default mail domain of the active target system.

Identity

Identity type of the person.

Main identity

Allocate a main identity here if the employee is managed as a subidentity in One Identity Manager. A subidentity allows you to set up special cases in One Identity Manager. If an employee has several user accounts in one target system that must be assigned to different groups, create a separate subidentity for each user account with a link to the main identity.

Dummy employee

Specifies whether the employee represents an actual employee or a dummy employee, which is used, for example, for connecting to administrative user accounts.

Actual employee

Unique ID of the actual employee.

X500 dummy

Specifies whether the employee is managed as an X500 dummy in One Identity Manager. If an employee has several X500 entries with different properties, you can also use a "Dummy" employee. Label the employee with the option X500 dummy in this case and configure a link to the real X500 employee.

X500 person

Assign the X500 dummy employee to an existing employee.

Logins

Logins with which the employee can log in to the One Identity Manager administration tools. Enter the login in the form: Domain\User. This information is required if the authentication modules User account and User account (role-based) are used for logging in to One Identity Manager tools.

For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

Starling 2FA user ID

User ID for multi-factor authentication. For detailed information about multi-factor authentication, see the One Identity Manager IT Shop Administration Guide.

System users

System user with which the employee can log in to the One Identity Manager administration tools. The login data is analyzed by the authentication module in use.

For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

System user password and password confirmation

Employee's system user password. Password with which the employee logs in to the One Identity Manager tools.

User account name (mainframe)

If an employee is permitted access to the mainframe with their user account, enter the login name here.

Notebook user

For information only.

Company car

For information only.

Login permitted on terminal server

Specifies whether this employee is permitted to log in on the terminal server with their user account.

Remote access permitted

Specifies whether the employee can dial into the network with their user account.

Import data source

Target system or data source from which the employee was imported. This property is also set by scripts for automatically assigning employees to user accounts.

Distinguished name

Distinguished name of the imported employee. This property should be set by the import.

Canonical name

Fully qualified name of the imported employee. This property should be set by the import.
