サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.3 - Web Portal User Guide

General tips and getting started Managing background processes Managing reports Managing security keys (WebAuthn) Requests
Setting up and configuring request functions Requesting products Managing the Saved for Later list Pending requests Displaying request history Displaying archived requests Sharing products with others Resubmitting requests Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing request approvals Managing request inquiries directed at you
Attestation
Managing attestations Managing attestation inquiries directed at you Displaying attestation history Managing your own attestation cases Managing pending attestations Revoking attestation case approvals
Compliance Managing risk index functions Responsibilities
Managing task delegations Ownerships Managing my responsibilities
Managing my departments Managing my application roles Managing my devices Managing my business roles Managing my identities Managing my cost centers Managing my multi-request resources Managing my multi requestable/unsubscribable resources Managing my resources Managing my software applications Managing my locations Managing my system entitlements Managing my system roles Managing my assignment resources Managing my team role
Managing responsibilities of my reports
Managing data
Managing departments Managing application roles Managing user accounts Managing business roles Managing identities Managing cost centers Managing multi-request resources Managing multi requestable/unsubscribable resources Managing resources Managing locations Managing system entitlements Managing system roles Managing assignment resources
Opening other web applications Managing tickets Statistics Appendix: Attestation conditions and approval policies from attestation procedures

Requesting privileged access

You can use the Privileged access requests service category to request privileged access to high-security systems (Privileged Account Management systems).

TIP: For more information on the topic of Privileged Account Management, see the One Identity Manager Administration Guide for Privileged Account Governance.

To request privileged access

  1. In the menu bar, click Requests > New request.

  2. On the New Request page, in the Service Categories pane, click the Privileged Access Requests service category.

  3. Select how you want to access the system by selecting the check box next to the relevant option:

    • API key request: Request a temporarily valid API key.

    • File request: Request files for accounts.

    • Password release request: Request a temporary password.

    • Remote desktop application request: Request temporary access to a remote desktop application.

    • Remote desktop session request: Request temporary access through a remote desktop connection.

    • SSH key request: Request temporarily valid SSH key.

    • SSH session request: Request temporary access through an SSH session.

    • Telnet session requests: Request temporary access using a Telnet session.

  4. Click Add to cart.

  5. In the Request Details side panel, expand the selected product.

  6. In the PAM user account drop-down, select the PAM user account that you want to use for PAM access.

  7. Depending on the type of access you have selected, perform one of the following actions:

  8. Perform the following actions:

    1. In the Account to access field, click Select.

    2. In the Edit Property side panel, select whether you want to request access for a PAM asset account or a PAM directory account.

    3. Next to the corresponding PAM asset account or PAM directory account, click Select.

  9. (Optional) In the Comment field, enter a comment, for example, to justify why you are requesting this access.

  10. In the Valid from field, specify the time from which you want the access to be valid or clear the check box so that access is valid from the time of this request.

  11. In Checkout duration, enter the number of minutes for which the access is valid.

    NOTE: This duration refers to your entry in the Valid from field. For example, if you have specified that the access is valid from 12 noon tomorrow and should be valid for 60 minutes, then the validity period will expire at 1 pm tomorrow.

  12. Click Apply.

  13. (Optional) Repeat the steps for all other users and access types.

  14. Click Add to cart.

  15. Click Go to cart.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

  16. On the Shopping Cart page, click Submit.

    Once the request has been approved, a button will appear in the request details pane of the request history (see Displaying request history) that you can use to log in to the Privileged Account Management system to obtain the login credentials.

Related topics

Requests for Active Directory groups

To manage Active Directory groups, you can make different requests.

Detailed information about this topic

Requesting new Active Directory groups

To create a new Active Directory group, you must request either the Create an Active Directory security group product or the Create an Active Directory distribution group product.

To request a new Active Directory group

  1. In the menu bar, click Requests > New request.

  2. On the New Request page, in the Service Categories pane, click the Active Directory groups service category.

  3. Perform one of the following actions:

    • To request a new Active Directory security group, select the check box next to New Active Directory security group.

    • To request a new Active Directory distribution group, select the check box next to New Active Directory distribution group.

  4. Click Add to cart.

  5. In the Request Details side panel, perform one of the following actions:

    • As a requester without responsibility for the target system, enter a name for the new group in the Suggested name field.

    • As the target system manager, provide additional details about the new group:

      • Name: Enter a name for the group.

      • Group scope: Select the scope that specifies the range of the group's usage within the domain or forest. The group's scope specifies where the group is allowed to issue permissions. You can select one of the following group scopes:

        • Global group: Global groups can be used to provide cross-domain authorizations. Members of a global group are only user accounts, computers, and groups belonging to the global group’s domain.

        • Local: Local groups are used when authorizations are issued within the same domain. Members of a domain local group can be user accounts, computers, or groups in any domain.

        • Universal: Universal groups can be used to provide cross-domain authorizations available. Universal group members can be user accounts and groups from all domains in one domain structure.

      • Container: Click Select and select a container for the group.

  6. Click Apply.

  7. Click Add to cart.

  8. Click Go to cart.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

  9. On the Shopping Cart page, click Submit.

Related topics

Requesting changes to Active Directory groups

To change the type or scope of Active Directory groups, you must request the Change an Active Directory group product.

To change an Active Directory group

  1. In the menu bar, click Requests > New request.

  2. On the New Request page, in the Service Categories pane, click the Active Directory groups service category.

  3. Select the check box next to Modify Active Directory group.

  4. Click Add to cart.

  5. In the Request Details pane, in the Active Directory group drop-down, select the Active Directory group that you want to change.

  6. (Optional) In the Group scope drop-down, select the scope that specifies the range of the group's usage within the domain or forest. The group's scope specifies where the group is allowed to issue permissions. You can select one of the following group scopes:

    • Global group: Global groups can be used to provide cross-domain authorizations. Members of a global group are only user accounts, computers, and groups belonging to the global group’s domain.

    • Local: Local groups are used when authorizations are issued within the same domain. Members of a domain local group can be user accounts, computers, or groups in any domain.

    • Universal: Universal groups can be used to provide cross-domain authorizations available. Universal group members can be user accounts and groups from all domains in one domain structure.

  7. (Optional) In the Type drop-down, select the type of Active Directory group (security or distribution group).

  8. Click Apply.

  9. Click Add to cart.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

  10. Click Go to cart.

  11. On the Shopping Cart page, click Submit.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択