Tchater maintenant avec le support

Obtenir une aide instantanée
Terminer l’enregistrement

Se connecter

Demander les tarifs

Contacter le service des ventes

Identity Manager 9.2 - Administration Guide for Privileged Account Governance

Parcourir le contenu

About this guide Managing a Privileged Account Management system in One Identity Manager

Architecture overview One Identity Manager users for managing Privileged Account Management Configuration parameters for managing Privileged Account Management systems

Synchronizing a Privileged Account Management system

Setting up the initial synchronization of a One Identity Safeguard

Users and permissions for synchronizing with a One Identity Safeguard appliance Setting up the One Identity Safeguard synchronization server

System requirements for the One Identity Safeguard synchronization server Installing the safeguard-ps Windows PowerShell module Installing One Identity Manager Service with a One Identity Safeguard connector

Preparing the administrative workstation for access to the One Identity Safeguard appliance Preparing a remote connection server for access to the One Identity Safeguard appliance Creating a synchronization project for initial synchronization of a One Identity Safeguard appliance

Information required for setting up a synchronization project Creating an initial synchronization project for One Identity Safeguard

Configuring the synchronization log

Customizing the synchronization configuration for One Identity Safeguard

Configuring synchronization to a One Identity Safeguard appliance Configuring synchronization of multiple One Identity Safeguard appliances Changing system connection settings of One Identity Safeguard appliances

Editing connection parameters in the variable set Editing target system connection properties Adjusting the Windows PowerShell definition of the One Identity Safeguard connector

Updating schemas Speeding up synchronization with revision filtering Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Running synchronization

Starting synchronization Displaying synchronization results Deactivating synchronization Synchronizing single objects

Tasks following synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing PAM user accounts through account definitions

Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)

Managing PAM user accounts and identities

Account definitions for PAM user accounts

Creating account definitions Editing account definitions Main data for account definitions Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to identities

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all identities Assigning account definitions directly to identities Assigning account definitions to system roles Adding account definitions in the IT Shop

Assigning account definitions to PAM appliances Deleting account definitions

Assigning identities automatically to PAM user accounts

Editing search criteria for automatic identity assignment Finding identities and directly assigning them to user accounts Changing manage levels for PAM user accounts Assigning account definitions to linked PAM user accounts

Manually linking identities to PAM user accounts Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one identity Providing administrative user accounts for several people

Privileged user accounts

Specifying deferred deletion for PAM user accounts

Managing assignments of PAM user groups

Assigning PAM user groups to PAM user accounts in One Identity Manager

Prerequisites for indirect assignment of PAM groups to PAM user accounts Assigning PAM user groups to departments, cost centers, and locations Assigning PAM user groups to business roles Adding PAM user groups to system roles Adding PAM user groups to the IT Shop Adding local PAM user groups to the IT Shop automatically Assigning PAM user accounts directly to a PAM user group Assigning PAM user groups directly to a PAM user account

Effectiveness of membership in PAM user groups PAM user group inheritance based on categories Overview of all assignments

Login credentials for PAM user accounts

Password policies for PAM users

Predefined password policies Using password policies Editing password policies Creating password policies General main data for password policies Policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Editing the excluded list for passwords Checking passwords Testing the generation of passwords

Initial password for new PAM user accounts Email notifications about login data

Mapping PAM objects in One Identity Manager

Creating PAM appliances Editing the main data of PAM appliances General main data of PAM appliances Defining categories for the inheritance of PAM user groups Editing the synchronization project for a PAM appliance Displaying the PAM appliance overview

PAM user accounts

Creating local PAM user accounts Creating certificate-based PAM user accounts Creating PAM user accounts for directory users Editing main data of PAM user accounts General main data of PAM user accounts Contact information for PAM user accounts Secondary authentication for PAM user accounts Administrative entitlements for PAM user accounts Assigning extended properties to PAM user accounts Disabling PAM user accounts Deleting and restoring PAM user accounts Displaying the PAM user account overview

PAM user groups

Editing main data of PAM user groups General main data of PAM user accounts Administrative entitlements for PAM user groups Assigning extended properties to PAM user groups Displaying the PAM user group overview

Displaying the PAM assets overview Displaying main data of PAM assets

PAM asset groups

Displaying the PAM asset groups overview Displaying main data of PAM asset groups

PAM asset accounts

Displaying the PAM asset accounts overview Displaying main data of PAM asset accounts Specifying risk indexes for PAM asset accounts

PAM directory accounts

Displaying the PAM directory account overview Displaying main data of PAM directory accounts Specifying risk indexes for PAM directory accounts

PAM account groups

Displaying the PAM account groups overview Displaying main data of PAM account groups

PAM directories

Displaying the PAM directories overview Displaying main data of PAM directories

Assigning owners to partitions

PAM entitlements

Displaying the PAM entitlements overview Displaying the main data of PAM entitlements

PAM access request policies

Displaying the PAM access request policies overview Displaying main data of PAM access request policies

Reports about PAM objects

PAM access requests

System requirements for requesting PAM access requests Requesting PAM access requests PAM object owners

Automatically determining the owners Manually specifying identities as PAM object owners Manually specifying application roles for PAM object owners

Configuring PAM access request policies

Handling of PAM objects in the Web Portal Basic data for managing a Privileged Account Management system

Target system managers for PAM systems Job server for PAM-specific process handling

Editing PAM Job servers General main data of Job servers Specifying server functions

Configuration parameters for managing a Privileged Account Management system Default project template for One Identity Safeguard Editing One Identity Safeguard system objects One Identity Safeguard connector settings Known issues about connecting One Identity Safeguard appliances

Displaying main data of PAM directories

You cannot edit properties of directories in One Identity Manager.

To display the properties of a directory

In the Manager, select the Privileged Account Management > Appliances > <appliance> > Directories category.
Select the directory in the result list.
Select the Change main data task.

PAM partitions

Partitions allow the responsibility for managing assets and directories to be distributed amongst different user accounts and user groups. Partitions are imported into the One Identity Manager database during synchronization. Partition properties cannot be edited. Changes to the object properties of individual partitions can be re-imported by single object synchronization.

To display the properties of a partition

In the Manager, select the Privileged Account Management > Appliances > <appliance> > Privileged Objects > Partitions category.
Select the partition in the result list.
Select the Change main data task.

This shows you an overview of the assets and directories that are connected with the partition as well as an overview of the partition owners.

To obtain an overview of a partition

In the Manager, select the Privileged Account Management > Appliances > <appliance> > Privileged Objects > Partitions category.
Select the partition in the result list.
Select the PAM partition overview task.

Related topics

Assigning owners to partitions

You can specify an owner for PAM partitions. In One Identity Safeguard, owners of a PAM partition can manage assets and directories for user accounts in the password policies or profiles, for example.

To assign owners to a partition

In the Manager, select the Privileged Account Management > Appliances > <appliance> > Privileged Objects > Partitions category.
Select the partition in the result list.
Select the Assign owner task.
Select the table containing the owner from the Table menu at the top of the form. You have the following option:
- PAM user groups
- PAM user accounts
In the Add assignments pane, assign owners.
TIP: In the Remove assignments pane, you can remove assigned owners.

To remove an assignment
- Select the owner and double-click .
Save the changes.

PAM entitlements

An entitlement is a set of access request policies that ensures only authorized users can access the system. An entitlement usually groups together a set of permissions that are required to fulfill a specific task. An entitlement defines which users are authorized to request passwords for accounts or sessions for assets as part of the defined access request policies.

Entitlements are imported into the One Identity Manager database during synchronization. Changes to the object properties of individual entitlements can be re-imported by single object synchronization.

Related topics

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation

© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center