Account definitions are assigned to company identities.
Indirect assignment is the default method for assigning account definitions to identities. Account definitions are assigned to departments, cost centers, locations, or roles. The identities are categorized into these departments, cost centers, locations, or roles depending on their function in the company and thus obtain their account definitions. To react quickly to special requests, you can assign individual account definitions directly to identities.
You can automatically assign special account definitions to all company identities. It is possible to assign account definitions to the IT Shop as requestable products. Department managers can then request user accounts from the Web Portal for their staff. It is also possible to add account definitions to system roles. These system roles can be assigned to identities through hierarchical roles or added directly to the IT Shop as products.
In the One Identity Manager default installation, the processes are checked at the start to see if the identity already has a user account in the target system that has an account definition. If no user account exists, a new user account is created with the account definition’s default manage level.
NOTE: If a user account already exists and is disabled, then it is re-enabled. In this case, you must change the user account manage level afterward.
As long as an account definition for an identity is valid, the identity retains the user account that was created by it.
Prerequisites for indirect assignment of account definitions to identities
Assignment of identities and account definitions is permitted for role classes (departments, cost centers, locations, or business roles).
To configure assignments to roles of a role class
In the Manager, select role classes in the Organizations > Basic configuration data > Role classes category.
- OR -
In the Manager, select role classes in the Business roles > Basic configuration data > Role classes category.
Select the Configure role assignments task and configure the permitted assignments.
To generally allow an assignment, enable the Assignments allowed column.
To allow direct assignment, enable the Direct assignments permitted column.
- Save the changes.
For more information about preparing role classes to be assigned, see the One Identity Manager Identity Management Base Module Administration Guide.
Detailed information about this topic
- Assigning account definitions to departments, cost centers, and locations
- Assigning account definitions to business roles
- Assigning account definitions to all identities
- Assigning account definitions directly to identities
- Assigning account definitions to system roles
- Adding account definitions in the IT Shop