지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 8.2 - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface environments Synchronizing a cloud application in the Universal Cloud Interface Provisioning object changes Managing cloud user accounts and employees Managing memberships in cloud groups Login information for cloud user accounts Mapping cloud objects in One Identity Manager
Cloud target systems Container structures Cloud user accounts Cloud groups Cloud system entitlements Cloud permissions controls Reports about objects in cloud target systems
Handling cloud objects in the Web Portal Basic data for managing a Universal Cloud Interface environment Configuration parameters for managing cloud target systems Default project template for cloud applications in the Universal Cloud Interface

Assigning cloud groups and system entitlements to cloud user accounts in One Identity Manager

Cloud groups and system entitlements can be assigned to employees directly or indirectly.

In the case of indirect assignment, employees as well as groups and entitlements are organized in hierarchical roles. The number of groups and system entitlements assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to hierarchical roles and that employee owns a cloud user account, this user account is added to the cloud groups and system entitlements.

Cloud groups and system entitlements can also be requested in the Web Portal. To do this, add employees to a shop as customers. All cloud groups and system entitlements assigned to this shop as products can be requested by the customers. After approval is granted, requested cloud groups and system entitlements are assigned to the employees.

Through system roles, cloud groups and system entitlements can be grouped together and assigned to employees as a package. You can create system roles that contain only cloud groups or system entitlements. You can also group any number of company resources into a system role.

To react quickly to special requests, you can assign cloud groups and system entitlements directly to user accounts.

Topic

Guide

Basic principles for assigning and inheriting company resources

One Identity Manager Identity Management Base Module Administration Guide

One Identity Manager Business Roles Administration Guide

Assigning company resources through IT Shop requests

One Identity Manager IT Shop Administration Guide

System roles

One Identity Manager System Roles Administration Guide

Detailed information about this topic

Prerequisites for indirect assignment of cloud groups

In the case of indirect assignment, employees and cloud groups are arranged in hierarchical roles. When assigning cloud groups indirectly, check the following settings and modify them if necessary.

  1. Assignment of employees and cloud groups is permitted for role classes (departments, cost centers, locations, or business roles).

    For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

    ClosedAllow assignments to role classes of departments, cost centers, locations, or roles

  2. Settings for assigning cloud groups to cloud user accounts.

    • Cloud user accounts are linked to employees.

    • Cloud user accounts are marked with the Groups can be inherited option.

    • Cloud user accounts and cloud groups belong to the same target system.

NOTE: There are other configuration settings that play a role when company resources are inherited through departments, cost centers, locations, and business roles. For example, role inheritance might be blocked or inheritance of employees not allowed. For more detailed information about the basic principles for assigning company resources, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics

Assigning cloud groups to departments, cost centers, and locations

Assign groups to departments, cost centers, and locations in order to assign user accounts to them through these organizations.

To assign a group to departments, cost centers, or locations (non role-based login)

  1. In the Manager, select the Cloud Target Systems > <target system> > Groups category.

  2. Select the group in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign groups to a department, a cost center, or a location (non role-based login or role-based login)

  1. In the Manager, select the Organizations > Departments category.

    - OR -

    In the Manager, select the Organizations > Cost centers category.

    - OR -

    In the Manager, select the Organizations > Locations category.

  2. Select the department, cost center, or location in the result list.

  3. Select the Assign cloud groups task.

  4. Select the Groups tab.

  5. In the Add assignments pane, assign groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  6. Save the changes.
Related topics

Assigning cloud system entitlements to departments, cost centers, and locations

Assign a system entitlement to departments, cost centers, or location such that the system entitlement can be inherited by user accounts through these organizations.

To assign a system entitlement to a department, cost center, or location (non role-based login)

  1. In the Manager, select the Cloud target systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 3 category.

  2. Select the system entitlement in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign system entitlements to a department, a cost center, or a location (non role-based login or role-based login)

  1. In the Manager, select the Organizations > Departments category.

    - OR -

    In the Manager, select the Organizations > Cost centers category.

    - OR -

    In the Manager, select the Organizations > Locations category.

  2. Select the department, cost center, or location in the result list.

  3. Select the Assign cloud groups and system entitlements task.

  4. In the Add assignments pane, assign the system entitlements.

    • On the Cloud system entitlement 1 tab, assign the system entitlement 1.

    • On the Cloud system entitlement 2 tab, assign the system entitlement 2.

    • On the Cloud system entitlement 3 tab, assign the system entitlement 3.

    TIP: In the Remove assignments pane, you can remove system entitlement assignments.

    To remove an assignment

    • Select the system entitlement and double-click .

  5. Save the changes.
Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택