
Identity Manager 8.2.1 - Administration Guide for Privileged Account Governance


Displaying the PAM appliance overview

Use this task to obtain an overview of the most important information about an appliance.

To obtain an overview of an appliance

  1. In the Manager, select the Privileged Account Management > Appliances category.

  2. Select the appliance in the result list.

  3. Select the PAM appliance overview task.

PAM user accounts

You can use One Identity Manager to manage Privileged Account Management user accounts. A user account enables an employee to log in to the Privileged Account Management system, for example, One Identity Safeguard. One Identity Manager manages both the local users of a Privileged Account Management system and directory users. Directory users are user accounts from an external target system, for example Active Directory or LDAP.

Through their user group, the user receives the required entitlements, for example, for requesting a password for an asset account or a session for the accounts and assets in the Privileged Account Management system.

A user account can be linked to an employee in One Identity Manager. You can also manage user accounts separately from employees.

NOTE: It is recommended to use account definitions to set up user accounts for company employees. In this case, some of the main data described in the following is mapped through templates from employee main data.

NOTE: If employees are to obtain their user accounts through account definitions, the employees must own a central user account and obtain their IT operating data through assignment to a primary department, a primary location, or a primary cost center.


Creating local PAM user accounts

To create a local PAM user account

  1. In the Manager, select the Privileged Account Management > User accounts category.

  2. Click in the result list.

  3. On the General tab, enter the following data as a minimum:
    • Appliance: Appliance to which the user account belongs.

    • Identity provider: Select the Local value.

    • User name: Enter the name to display.

    • Authentication provider: Select how the user is authenticated in the Privileged Account Management system. Depending on the authentication provider, other data may be required.

      • Local: Enter the login name, password, and password confirmation.

      • <External organization>: Enter the email address or the name claim.

      • <RADIUS server>: Enter the login name of the RADIUS server.

    • Time zone: The user's time zone. The default time zone is UTC (Coordinated Universal Time).

  4. Save the changes.

Creating certificate-based PAM user accounts

The users of a certificate-based PAM user account are authenticated using a certificate in the Privileged Account Management system.

To create a certificate-based PAM user account

  1. In the Manager, select the Privileged Account Management > User accounts category.

  2. Click in the result list.

  3. On the General tab, enter the following data as a minimum:
    • Appliance: Appliance to which the user account belongs.

    • Identity provider: Select the Local value.

    • User name: Enter the name to display.

    • Authentication provider: Select Certificate.

    • Certificate thumbprint (SHA-1): Enter the unique hash value (40 hexadecimal characters) of the certificate.

      NOTE: You can copy the thumbprint value directly from the certificate and insert it here, including blank characters.

    • Time zone: The user's time zone. The default time zone is UTC (Coordinated Universal Time).

  4. Save the changes.
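
The following added example is not One Identity code. It shows one way to check a thumbprint before entering it in the Certificate thumbprint (SHA-1) field: it removes blanks, colon separators, and invisible format characters that can come along with a copied value, confirms that 40 hexadecimal characters remain, and compares the result with the SHA-1 hash of the certificate's DER bytes. The function names and the sample data are assumptions made for illustration.

```python
import hashlib
import re
import ssl
import unicodedata


def normalize_thumbprint(pasted: str) -> str:
    """Return a pasted SHA-1 thumbprint as 40 uppercase hex characters."""
    # Drop blanks, colon separators and invisible format characters
    # (Unicode category Cf, such as U+200E) picked up by copy and paste.
    cleaned = "".join(
        ch for ch in pasted
        if not ch.isspace() and ch != ":" and unicodedata.category(ch) != "Cf"
    )
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", cleaned):
        raise ValueError(
            f"expected 40 hexadecimal characters, got {len(cleaned)}: {cleaned!r}"
        )
    return cleaned.upper()


def thumbprint_of_pem(pem: str) -> str:
    """SHA-1 over the certificate's DER bytes, as 40 uppercase hex characters."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha1(der).hexdigest().upper()


def matches_certificate(pasted: str, pem: str) -> bool:
    """True if the pasted value is the thumbprint of the given certificate."""
    return normalize_thumbprint(pasted) == thumbprint_of_pem(pem)


# Constructed stand-in for a certificate file, not a real certificate: the
# thumbprint is a hash of the DER bytes, so any byte string shows the mechanics.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed DER bytes for illustration")

if __name__ == "__main__":
    computed = thumbprint_of_pem(SAMPLE_PEM)
    # Simulate a copied value: lowercase pairs separated by blanks,
    # preceded by an invisible left-to-right mark.
    pasted = "\u200e" + " ".join(computed[i:i + 2].lower() for i in range(0, 40, 2))
    print(normalize_thumbprint(pasted), matches_certificate(pasted, SAMPLE_PEM))
```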