Main data – Active Directory group (page description)
To open the Main data – Active Directory group page go to Responsibilities > Auditing > Active Directory > Show details > Main data.
On the Main data – Active Directory group page, you can see the Active Directory group's main data (see Displaying system entitlement main data).
Enter the following main data:
Table 678: Active Directory group main data
Name |
Shows you the full, descriptive name of the Active Directory group. |
Canonical name |
Shows you the automatically generated canonical name of the Active Directory group. |
Distinguished name |
Shows you the automatically generated distinguished name of the Active Directory group. |
Display name |
Shows you the name of the Active Directory group used to display Active Directory group in the One Identity Manager tools. |
Container |
Shows you the parent container of the Active Directory group. |
Service item |
Shows you the assigned service items. |
Category |
Shows you the category for Active Directory group inheritance.
User accounts can inherit Active Directory groups selectively. To do this, Active Directory groups and user accounts are divided into categories. |
Description |
Shows you the Active Directory group's description. |
Risk index |
Shows you the configured risk index.
This value specifies the risk of assigning this Active Directory group to a user account.
For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
IT shop |
Shows you whether the Active Directory group can be requested in the IT Shop. If set, the Active Directory group can be requested by identities using the Web Portal and granted through a defined approval process. The Active Directory group can still be assigned directly to identities and hierarchical roles.
For detailed information about IT Shop, see the One Identity Manager IT Shop Administration Guide. |
Only use in IT Shop |
Shows you whether the Active Directory group can only be requested through the IT Shop. If set, the Active Directory group can be requested by identities using the Web Portal and granted through a defined approval process. You cannot assign an Active Directory group to hierarchical roles directly. |
Memberships – Active Directory group (page description)
To open the Memberships – Active Directory group page go to Responsibilities > Auditing > Active Directory > Show details > Memberships.
On the Memberships - Active Directory group page, you can see identities to which the Active Directory group is assigned.
The following table gives an overview of the different content on the Memberships – Active Directory group page.
Table 679: Columns
Identity |
Shows you the name of the identity to which the Active Directory group is assigned. |
Origin |
Shows whether the Active Directory group is assigned directly or indirectly to the employee. |
TIP: For each identity, you can see more useful information in the details pane. To do this, click the appropriate instance in the list. If the identity obtained the membership through a request, you will find more information on the following tabs on the Request tab:
-
Information: Displays general information about a request. The information displayed varies and is dependent on the service category from which the request was triggered.
-
Workflow: Displays the life cycle chronologically as from the time of request.
-
Compliance: Displays possible rule violations for this request.
-
Entitlements: Show which entitlement are assigned to the role (if a role was requested).
TIP: You can show less data by using the column filters. For more information, see Filtering.
Attestations – Active Directory group (page description)
To open the Attestation – Active Directory group page go to Responsibilities > Auditing > Active Directory > Show details > Attestation.
On the Attestation - Active Directory group page, you can:
The following tables give you an overview of the various features and content on the Attestation - Active Directory group page.
Table 682: Columns
Display name |
Shows the name of the object included in the attestation case. |
Attestation policy |
Shows the name of the attestation policy in use. |
State |
Shows the current status of the attestation case.
The following status' are possible:
-
Pending: The attestation case is not closed yet and must still be approved.
-
Approved: The attestation case was approved. In the details pane, on the Workflow tab, you can see why the attestation case was granted approval.
-
Denied: The attestation case was denied. In the details pane, on the Workflow tab, you can see why the attestation case was denied approval. |
New |
Shows whether the attestation case is new. New cases have not been granted approval yet but might have been denied approval before. |
Due date |
Shows by when the attestation case must be completed. |
Risk index |
Show the attestation case's risk index. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
Child groups – Active Directory group (page description)
To open the Compliance - Active Directory group page go to Responsibilities > Auditing > Active Directory > Show details > Compliance.
On the Compliance - Active Directory group page, you can see all the child groups of the Active Directory group (see Displaying system entitlement child groups).