지금 지원 담당자와 채팅

라이브 도움말 보기
등록 완료

로그인

가격 산정 요청

영업 담당자에게 문의

Identity Manager 9.2 - Authorization and Authentication Guide

콘텐츠 탐색

About this guide One Identity Manager application roles

Application roles overview

Application roles for basic functions Application role for the Operations Support Web Portal Application role for Compliance & Security Officers Application role for auditors Application roles for identity audit Application roles for company policies Application roles for attestation Application roles for subscribable reports Application roles for management levels Application roles for business roles Application roles for organizations Application role for application roles Application roles for identity administrators Application roles for the IT Shop Application roles for target systems Application roles for Universal Cloud Interface Application role for Privileged Account Governance Application roles for Application Governance Application roles for custom tasks

Implementing the application roles Creating and editing application roles

Main data of application roles Assigning identities to application roles Custom extension of application role permissions Creating and editing dynamic roles for application roles Specifying mutually exclusive application roles Assigning subscribable reports to application roles Assigning extended properties to application roles Generating assignment resources for application roles Certification of applications roles Reports about application roles

Granting One Identity Manager schema permissions through permissions groups

Predefined permissions groups and system users Rules for determining the valid permissions for tables and columns Editing permissions groups

Dependencies between permissions groups Permissions group dependencies Copying permissions groups Creating permissions groups Permissions group properties

Editing system users

Creating system users System users’ passwords System user properties Adding system users to permission groups Which identities use the system user? Dynamic system user

Permissions for tables and columns

Displaying permissions of a permissions group Displaying permissions for tables Editing table permissions Editing column permissions Copying table permissions and column permissions Simulating permissions for system users

Displaying permissions for objects Displaying permissions for the current user Assigning role-based permissions groups to an applications

Managing permissions to program functions

Displaying the current user's program functions Assigning program functions to permissions groups Permissions for running scripts Permissions for running methods Permissions for triggering processes Modifying permissions for running actions in the Launchpad

One Identity Manager authentication modules

System users Generic single sign-on (role-based) Identity Identity (role-based) Identity (dynamic) User account User account (role-based) User account (manual input/role-based) Account based system user Active Directory user account Active Directory user account (role-based) Active Directory user account (manual input) Active Directory user account (manual input/role-based) Active Directory user account (dynamic) LDAP user account (role-based) LDAP user account (dynamic) HTTP header HTTP header (role-based) OAuth 2.0/OpenID Connect OAuth 2.0/OpenID Connect (role-based) Synchronization authentication module Web agent authentication module Component authentication module Crawler Password reset Password reset (role-based) Decentralized identity Decentralized Identity (role-based) Editing authentication modules

Enabling authentication modules Assigning authentication modules to applications Disabling or enabling authentication modules for applications Authentication module properties Initial data for authentication modules Configuration data for system user dynamic authentication

Example of a simple system user assignment Example of a system user assignment using a selection criterion Example of a function group assignment

Checking authentication

OAuth 2.0/OpenID Connect authentication

Expiry of the OAuth 2.0/OpenID Connect authentication Creating the OAuth 2.0/OpenID Connect configuration Assigning OAuth 2.0/OpenID Connect configuration to web applications Displaying the configuration of the identity provider and the OAuth 2.0/OpenID Connect applications Specifying enabled and disabled columns for logging in Logging information about OAuth 2.0/OpenID Connect authentication Setting up OAuth 2.0/OpenID Connect authentication for accessing the application server's REST API

Setting up OAuth 2.0/OpenID Connect authentication the on application server Authentication module for using OAuth 2.0/OpenID Connect for authentication access to the REST API Authenticating external applications on the application server using OAuth 2.0/OpenID Connect

OAuth 2.0/OpenID Connect authentication on the API Server

Setting up OAuth 2.0/OpenID Connect authentication on the API Server Authenticating external applications on the API Server using OAuth 2.0/OpenID Connect

Multi-factor authentication in One Identity Manager

Multi-factor authentication with OneLogin Multi-factor authentication with One Identity Defender

Configuring RSTS for multi-factor authentication Configuring authentication with OAuth 2.0/OpenID Connect in the Web Portal Configuring authentication with OAuth 2.0/OpenID Connect

Granular permissions for the SQL Server and database

Displaying database users Displaying users' access levels Displaying database role and server role permissions

Installing One Identity Redistributable Secure Token Server

Installing One Identity Redistributable Secure Token Server Installing and uninstalling the One Identity Redistributable Secure Token Server

Preventing blind SQL injection Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Configuring RSTS for multi-factor authentication

To configure multi-factor authentication using a RADIUS server on the RSTS

Start a web browser and open the URL of the RSTS administration interface.

https://<webapplication>/RSTS/admin

Use the configuration password assigned during installation to log in.
On the home page, click Authentication providers.
On the Authentication Providers page, select the Default Active Directory default provider and click Edit.
On the Edit page, select the Authentication provider tab and edit the following settings.
- Directory Type > Active Directory: enabled
- Connection Information > Use Current Domain: enabled
Select the Two Factor Authentication tab and edit the settings for your Defender Security Server.
- Two Factor Authentication Settings > RADIUS: enabled
- Server, Port, Shared Secret, and Username Attribute: Connection data for the RADIUS server.
- (Optional) Connection Information > Pre-authenticate For ChallengeResponse: Uses the response text of the defender, instead of the default RADIUS response text.
Switch to the home page and select Applications.
On the Applications page, click Add Application.
On the Edit page, select the General Settings tab and edit the following settings.
- Application Name, Authentication Provider, Realm/Client_ID/Issuer, Redirect Url
The redirect URL for the Web Portal (Redirect Url) is formed as follows: https://<Server>/<Application Name>/
Select the Certificates tab and under Signing Certificate (Required) activate the signing certificate that you specified when installing the RSTS.

For more information, see Multi-factor authentication with One Identity Defender.
Click Finish.

Related topics

Installing One Identity Redistributable Secure Token Server

Configuring authentication with OAuth 2.0/OpenID Connect in the Web Portal

To configure authentication with OAuth 2.0/OpenID Connect

Start the Web Designer.
Click the View > Home page menu item.
On the home page, click Select web application and select the web application.
Click Edit web application settings.
In the Edit web application settings dialog, edit the web application settings.
- Authentication module: Select OAuth 2.0/OpenID Connect (role-based).
- OAuth 2.0/OpenID Connect configuration: Select the newly created identity provider.
- Client ID for OAuth 2.0 authentication: Select the client ID that you specified when you configured RSTS.
- Fingerprint of the OAuth 2.0 certificate: Specify the fingerprint of the signing certificate you selected when configuring the RSTS.
Save the changes.

Related topics

Configuring authentication with OAuth 2.0/OpenID Connect

To configure authentication with OAuth 2.0/OpenID Connect

In the Designer, select the Base data > Security settings > OAuth 2.0/OpenID Connect configuration category.
In the list editor, select the newly created identity provider.
Select the General tab and check the general configuration data of the identity provider.
- Column to search: Select ADSAccount - ObjectGUID.
Select the Applications tab and check the configuration of the OAuth 2.0/OpenID Connect application.
- Default: enabled
- Redirect URI: If you want to use multifactor authentication with the administration tools of the One Identity Manager, enter urn:InstalledApplication.
Select the Database > Commit to database and click Save.

Related topics

Granular permissions for the SQL Server and database

For the deployment of a One Identity Manager database on an SQL Server, in Azure SQL Database or in a managed instance in Azure SQL Database, SQL Server logins and database users are provided for the administrative users, configuration users, and end users. Permissions at server and database level are matched to suit the user's tasks.

Normally, you cannot edit users and permissions.

For more information about users and their permissions, see the One Identity Manager Installation Guide. and the One Identity Manager Data Archiving Administration Guide.

Related topics

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택

© ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center