Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.2 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Effective configuration parameters for setting up employees Configuration parameters for managing devices and workdesks

Functional areas for departments, cost centers, and locations

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how many rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Moreover, functional areas can be replaced by peer group analysis during request approvals or attestation cases.

Example: Use of functional areas

To assess the risk of rule violations for cost centers. Proceed as follows:

  1. Set up functional areas.

  2. Assign cost centers to the functional areas.

  3. Define assessment criteria for the cost centers.

  4. Specify the number of rule violations allowed for the functional area.

  5. Assign compliance rules required for the analysis to the functional area.

  6. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To create or edit a functional area

  1. In the Manager, select the Organizations > Basic configuration data > Functional areas category.

  2. In the result list, select a function area and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the function area main data.

  4. Save the changes.

Enter the following data for a functional area.

Table 9: Functional area properties

Property

Description

Functional area

Description of the functional area

Parent Functional area

Parent functional area in a hierarchy.

Select a parent functional area from the list for organizing your functional areas hierarchically.

Max. number of rule violations

List of rule violation valid for this functional area. This value can be evaluated during the rule check.

NOTE: This property is available if the Compliance Rules Module is installed.

Description

Text field for additional explanation.

For more detailed information about rule checking, see the One Identity Manager Compliance Rules Administration Guide. For more information about peer group analysis, see the One Identity Manager IT Shop Administration Guide and the One Identity Manager Attestation Administration Guide.

Attestors for departments, cost centers, and locations

NOTE: This function is only available if the Attestation Module is installed.

In One Identity Manager you can assign departments, cost centers, and locations to employees who can be brought in as attestors in attestation cases, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for attestors. For detailed information about attestation, see the One Identity Manager Attestation Administration Guide.

A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For detailed information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 10: Default application roles for attestors
User Tasks

Approvers for organizations

 

Attestors must be assigned to the Identity Management | Organizations | Attestors application role or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to departments, cost centers, and locations for which they are responsible.

  • Can view main data for departments, cost centers, and locations but cannot edit them.

NOTE: This application role is available if the module Attestation Module is installed.

To add employees to default application roles for attestors

  1. In the Manager, select the Organizations > Basic configuration data > Attestors category.

  2. Select the Assign employees task.

  3. In the Add assignments pane, add employees.

    TIP: In the Remove assignments pane, you can remove assigned employees.

    To remove an assignment

    • Select the employee and double-click .

  4. Save the changes.

Approvers and approvers (IT) for departments, cost centers, and locations

In One Identity Manager you can assign departments, cost centers and locations to employees who can be brought in as approvers in approval processes for IT Shop requests, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for role approvers. For more information, see the One Identity Manager IT Shop Administration Guide.

Default application roles for approvers and approvers (IT) are available in One Identity Manager. You may create other application roles as required. For detailed information about implementing and editing application roles, see theOne Identity Manager Authorization and Authentication Guide.

Table 11: Default application roles for approvers
User Tasks

Approvers for organizations

 

Role approvers must be assigned to the Identity Management | Organizations | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.

  • Approve request from departments, cost centers, and locations for which they are responsible.

Approvers (IT) for organizations

 

IT role approvers must be assigned to the Identity Management | Organizations | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.

  • Approve request from departments, cost centers, and locations for which they are responsible.

To specify a role approver or role approver (IT)

  1. In the Manager, select the Organizations > Basic configuration data > Role approvers category.

    - OR -

    In the Manager, select the Organizations > Basic configuration data > Role approvers (IT) category.

  2. Select the Assign employees task.

  3. In the Add assignments pane, add employees.

    TIP: In the Remove assignments pane, you can remove assigned employees.

    To remove an assignment

    • Select the employee and double-click .

  4. Save the changes.

Creating and editing departments

To create or edit a department

  1. In the Manager, select the Organizations > Departments category.

  2. In the result list, select a department and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the department's main data.

  4. Save the changes.
Detailed information about this topic
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation