지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 8.2 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program features One Identity Manager authentication modules OAuth 2.0 / OpenID Connect configuration Multi-factor authentication in One Identity Manager Authenticating other applications using OAuth 2.0/OpenID Connect Granular permissions for the SQL Server and database Installing One Identity Redistributable STS Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Permissions group properties

Table 22: Properties of a permissions group
Property Description

Permissions group

Name of the permissions group. Label custom permission groups with the prefix CCC.

Description

Detailed description of the permissions group’s purpose.

Remarks

Text field for additional explanation.

Preprocessor condition

You can add a preprocessor condition to permissions groups. This means that the permissions group is only effective when the condition is met.

Permissions group binary pattern

The permissions group binary pattern is used to calculate effective system user permissions. It is provided by the DBQueue Processor.

Only use for role-based authentication

This group includes permissions, form assignments, menu items and program functions for role-based authentication. The permissions group can be assigned to One Identity Manager application roles and is assigned to dynamically determined system users. A direct assignment to non-dynamic system user is not permitted.

NOTE: This function is available if the Identity Management Base Module is installed.

Related topics

Editing system users

One Identity Manager provides various system users whose permissions are matched to the various tasks. Create your own system users if required. Add the system users to permissions groups, thereby granting the system users permissions for the tables and columns of the One Identity Manager schema and make the user interface available.

The system user's effective permissions that are found are not saved in the One Identity Manager schema, but are determined when logging into One Identity Manager tools and then they are loaded.

When installing the One Identity Manager database using the Configuration Wizard, create an administrative system user that is added to non role-based permissions groups and receives all the permissions of the viadmin default system user.

In the Designer, system users are displayed in the Permissions > System users category. This shows you an overview of the permissions groups that are assigned to each individual system user. Use the Designer to create and edit your system user in the User & Permissions Group Editor.

You can run the following tasks:

  • Create new system users, such as an administrative system users or system users for service accounts

  • Configure password settings for system users

  • Add system users to permission groups

  • Determine which employees use a system user

Related topics

Creating system users

NOTE: You can create an administrative system user in User & Permissions Group Editor using the Create administrator menu. Administrative system users are automatically added to all non role-based permissions groups.

To create a new system user

  1. In the Designer, select the Permissions category.

  2. Start the User & Permissions Group Editor with the Show / edit permissions group task.

  3. Add a new system user using the User > New menu item.

  4. Edit the system user's main data.

  5. Add the system user to permissions groups.

  6. Select the Database > Save to database and click Save.

Related topics

System users’ passwords

The One Identity Manager password policy is used for logging in to One Identity Manager with a system user. This password policy defined the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).

If necessary, adjust the password policy to your requirements in the Designer. For detailed information about editing password policies, see One Identity Manager Operational Guide.

NOTE: The One Identity Manager password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts or system users.

To prevent passwords expiring for service accounts, for example, in the Designer, you can enable the Password never expires (DialogUser.PasswordNeverExpires) option for the respective system users.

Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택