지금 지원 담당자와 채팅

라이브 도움말 보기
등록 완료

로그인

가격 산정 요청

영업 담당자에게 문의

Identity Manager 8.2 - Authorization and Authentication Guide

콘텐츠 탐색

About this guide One Identity Manager application roles

Application roles overview

Application roles for basic functions Application role for the Operations Support Web Portal Application role for Compliance & Security Officers Application role for auditors Application roles for identity audit Application roles for company policies Application roles for attestation Application roles for subscribable reports Application roles for management levels Application roles for business roles Application roles for organizations Application for employee administrators Application roles for the IT Shop Application roles for target systems Application roles for Universal Cloud Interface Application role for Privileged Account Governance Application roles for Application Governance Application roles for custom tasks

Implementing the application roles Creating and editing application roles

Main data of application roles Assigning employees to application roles Custom extension of application role permissions Creating and editing dynamic roles for application roles Specifying mutually exclusive application roles Assigning subscribable reports to application roles Assigning extended properties to application roles Generating assignment resources for application roles Reports about application roles

Granting One Identity Manager schema permissions through permissions groups

Predefined permissions groups and system users Rules for determining the valid permissions for tables and columns Editing permissions groups

Dependencies between permissions groups Permissions group dependencies Copying permissions groups Creating permissions groups Permissions group properties

Editing system users

Creating system users System users’ passwords System user properties Adding system users to permission groups Which employees use the system user? Dynamic system user

Permissions for tables and columns

Displaying permissions of a permissions group Displaying permissions for tables Editing table permissions Editing column permissions Copying table permissions and column permissions Simulating permissions for system users

Displaying permissions for objects Displaying permissions for the current user Assigning role-based permissions groups to an applications

Managing permissions to program features

Displaying the current user's program functions Assigning program functions to permissions groups Permissions for running scripts Permissions for running methods Permissions for triggering processes Modifying permissions for running actions in the Launchpad

One Identity Manager authentication modules

System users Generic single sign-on (role-based) Employee Employee (role-based) Employee (dynamic) User account User account (role-based) Account based system user Active Directory user account Active Directory user account (role-based) Active Directory user account (manual input) Active Directory user account (manual input/role-based) Active Directory user account (dynamic) LDAP user account (role-based) LDAP user account (dynamic) HTTP header HTTP header (role-based) OAuth 2.0/OpenID Connect OAuth 2.0/OpenID Connect (role-based) Synchronization authentication module Web agent authentication module Component authentication module Crawler Password reset Password reset (role-based) Decentralized identity Decentralized Identity (role-based) Editing authentication modules

Enabling authentication modules Assigning authentication modules to applications Disabling or enabling authentication modules for applications Authentication module properties Initial data for authentication modules Configuration data for system user dynamic authentication

Example of a simple system user assignment Example of a system user assignment using a selection criterion Example of a function group assignment

Checking authentication

OAuth 2.0 / OpenID Connect configuration

Expiry of the OAuth 2.0/OpenID Connect authentication Creating the OAuth 2.0/OpenID Connect configuration Assigning OAuth 2.0/OpenID Connect configuration to web applications Displaying the configuration of the identity provider and the OAuth 2.0/OpenID Connect applications Specifying enabled and disabled columns for logging in Logging information about OAuth 2.0/OpenID Connect authentication

Multi-factor authentication in One Identity Manager

Editing table properties Preparing the Starling 2FA token request Requesting a security code Multi-factor authentication with One Identity Defender

Configuring RSTS for multi-factor authentication Configuring authentication with OAuth 2.0/OpenID Connect in the Web Portal Configuring authentication with OAuth 2.0/OpenID Connect

Authenticating other applications using OAuth 2.0/OpenID Connect Granular permissions for the SQL Server and database

Displaying database server logins Displaying users' access levels Displaying server roles and database roles permissions

Installing One Identity Redistributable STS Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Permissions group properties

Table 22: Properties of a permissions group
Property	Description
Permissions group	Name of the permissions group. Label custom permission groups with the prefix CCC.
Description	Detailed description of the permissions group’s purpose.
Remarks	Text field for additional explanation.
Preprocessor condition	You can add a preprocessor condition to permissions groups. This means that the permissions group is only effective when the condition is met.
Permissions group binary pattern	The permissions group binary pattern is used to calculate effective system user permissions. It is provided by the DBQueue Processor.
Only use for role-based authentication	This group includes permissions, form assignments, menu items and program functions for role-based authentication. The permissions group can be assigned to One Identity Manager application roles and is assigned to dynamically determined system users. A direct assignment to non-dynamic system user is not permitted. NOTE: This function is available if the Identity Management Base Module is installed.

Related topics

Editing system users

One Identity Manager provides various system users whose permissions are matched to the various tasks. Create your own system users if required. Add the system users to permissions groups, thereby granting the system users permissions for the tables and columns of the One Identity Manager schema and make the user interface available.

The system user's effective permissions that are found are not saved in the One Identity Manager schema, but are determined when logging into One Identity Manager tools and then they are loaded.

When installing the One Identity Manager database using the Configuration Wizard, create an administrative system user that is added to non role-based permissions groups and receives all the permissions of the viadmin default system user.

In the Designer, system users are displayed in the Permissions > System users category. This shows you an overview of the permissions groups that are assigned to each individual system user. Use the Designer to create and edit your system user in the User & Permissions Group Editor.

You can run the following tasks:

Create new system users, such as an administrative system users or system users for service accounts
Configure password settings for system users
Add system users to permission groups
Determine which employees use a system user

Related topics

Creating system users

NOTE: You can create an administrative system user in User & Permissions Group Editor using the Create administrator menu. Administrative system users are automatically added to all non role-based permissions groups.

To create a new system user

In the Designer, select the Permissions category.
Start the User & Permissions Group Editor with the Show / edit permissions group task.
Add a new system user using the User > New menu item.
Edit the system user's main data.
Add the system user to permissions groups.
Select the Database > Save to database and click Save.

Related topics

System users’ passwords

The One Identity Manager password policy is used for logging in to One Identity Manager with a system user. This password policy defined the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).

If necessary, adjust the password policy to your requirements in the Designer. For detailed information about editing password policies, see One Identity Manager Operational Guide.

NOTE: The One Identity Manager password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts or system users.

To prevent passwords expiring for service accounts, for example, in the Designer, you can enable the Password never expires (DialogUser.PasswordNeverExpires) option for the respective system users.

Related topics

System user properties

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택

© ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center