Chatta subito con l'assistenza
Chat con il supporto

Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Role types for departments, cost centers, and locations

To achieve better classification, you can define role types and assign them to role classes and roles. The following restrictions apply:

  • You can assign a role type to several role classes.

  • If you assign role types to a role class you can only select these role types for the roles of this role class. Other role types are not available for selection.

  • If you do not assign a role type to a role class, you can only use role types that are not assigned to any other role class for roles in this role class.

  • The Business role role type is predefined. This role type cannot be assigned to the Department, Cost center, or Location role classes. Assign this role type to role classes that map business roles.

Example:

The Business role role type is predefined. The Region, Country, Sales, and Development role types are also created.

  • The Business roles role type is assigned to the External projects role class.

    The Business roles role type can also be given to roles of this role class.

  • The Business roles, Region, and Country role types are assigned to the Employee role class.

    The Business roles, Region, and Country role types can also be given to roles of this role class.

  • The Region and Country role types are assigned to the Location role class.

    The Region and Country role types can also be given locations.

  • The Cost center and Department role classes are not assigned any role types.

    The Sales and Development role types can also be given to cost centers and departments.

Creating role types for departments, cost centers, and locations

For additional classification, you can create and edit role types. You cannot edit default role types.

To create role types

  1. In the Manager, select the Organizations > Basic configuration data > Role types category.

  2. Click in the result list.

  3. Enter the following information:

    • Role type: Role type name. Translate the given text using the button.

    • Description: (Optional) Text field for additional explanation.

    • No multiple assignment of identities: This option does not work for departments, cost centers, and locations.

  4. Save the changes.

To create role types

  1. In the Manager, select the Organizations > Basic configuration data > Role types category.

  2. Select the role type in the result list.

  3. Select the Change main data task.

  4. Edit the main data.

  5. Save the changes.

Assigning role classes to role types for departments, cost centers, and locations

For additional classification, you can define role types and assign them to role classes. Note the restrictions given under Role types for departments, cost centers, and locations.

To assign role classes to a role type

  1. In the Manager, select the Organizations > Basic configuration data > Role types category.

  2. Select the role type in the result list.

  3. Select the Assign role classes task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

Related topics

Functional areas for departments, cost centers, and locations

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how many rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Moreover, functional areas can be replaced by peer group analysis during request approvals or attestation cases.

Example: Use of functional areas

To assess the risk of rule violations for cost centers. Proceed as follows:

  1. Set up functional areas.

  2. Assign cost centers to the functional areas.

  3. Define assessment criteria for the cost centers.

  4. Specify the number of rule violations allowed for the functional area.

  5. Assign compliance rules required for the analysis to the functional area.

  6. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To create or edit a functional area

  1. In the Manager, select the Organizations > Basic configuration data > Functional areas category.

  2. In the result list, select a function area and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the function area main data.

  4. Save the changes.

Enter the following data for a functional area.

Table 9: Functional area properties

Property

Description

Functional area

Description of the functional area

Parent Functional area

Parent functional area in a hierarchy.

Select a parent functional area from the list for organizing your functional areas hierarchically.

Max. number of rule violations

List of rule violation valid for this functional area. This value can be evaluated during the rule check.

NOTE: This property is available if the Compliance Rules Module is installed.

Description

Text field for additional explanation.

For more detailed information about rule checking, see the One Identity Manager Compliance Rules Administration Guide. For more information about peer group analysis, see the One Identity Manager IT Shop Administration Guide and the One Identity Manager Attestation Administration Guide.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione