サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.2.1 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Editing properties for immediate recalculation

For individual dynamic roles, you can define which properties trigger a recalculation of role memberships if they are changed.

To add a property

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Change main data task.

  5. On the Recalculation Properties tab, add the properties.

    1. Click Add.

    2. Next to the Property field, click .

    3. Under Property, select the table and column to trigger recalculation.

    4. Click OK.

  6. Save the changes.

To disable a property

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Change main data task.

  5. On the Recalculation properties tab, select the column in the list and check the Disabled option.

  6. Save the changes.

To remove a property

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Change main data task.

  5. On the Recalculation Properties tab, select the column in the list and click Remove.

  6. Save the changes.

Excluding dynamic roles from recalculation

You can exclude individual dynamic roles from recalculation. In this case, role memberships are not automatically recalculated. Existing role memberships remain as they are.

To exclude a dynamic role from recalculation

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Change main data task.

  5. Enable the No recalculation of assignments option.

  6. Save the changes.

Related topics

Excluding identities from dynamic roles

Identities can be excluded automatically from dynamic roles on the basis of a denied attestation or a rule violation. An excluded list is maintained to do this. Excluded lists can also be defined for individual identities.

To add an identity to the excluded list

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Exclude identities task.

  5. Click Add and select the identity from the Identity menu.

  6. (Optional) Enter a reason for the exclusion.

  7. Save the changes.

Related topics

Removing identities from the exclusion list

Identities that are incorrectly listed in the exclusion list of a dynamic role can be removed from the exclusion list.

To remove an identity from the exclusion list

  1. In the Manager, select the role for which the dynamic role was created.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Exclude identities task.

  5. Select the identity and click Remove.

  6. Save the changes.

Related topics
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択