지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.3 - Administration Guide for Connecting to Custom Target Systems

Managing custom target systems Synchronizing custom target systems Managing user accounts and identities Managing assignments of groups and system entitlements Login credentials for user accounts Mapping custom target system objects in One Identity Manager Treatment of custom target system objects in the Web Portal Basic configuration data for custom target systems Configuration parameters for managing custom target systems

Assigning groups to permissions controls

Use this task to assign a permissions control directly to multiple groups.

To assign groups to a permissions control

  1. In the Manager, select the Custom Target Systems > <target system> > Permissions controls category.

  2. Select the permissions control in the result list.

  3. Select Assign groups category.

  4. In the Add assignments pane, assign the groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  5. Save the changes.
Related topics

Displaying the permissions control overview

You can display the most important information about a permissions control on the overview form.

To obtain an overview of a permissions control

  1. In the Manager, select the Custom Target Systems > <target system> > Permissions controls category.

  2. Select the permissions control in the result list.

  3. Select the Permissions control overview task.

Reports about custom target systems

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for custom target systems.

NOTE: Other sections may be available depending on the which modules are installed.

Table 29: Data quality target system report

Report

Published for

Description

Show overview

User account

This report shows an overview of the user account and the assigned permissions.

Show overview including origin

User account

This report shows an overview of the user account and origin of the assigned permissions.

Show overview including history

User account

This report shows an overview of the user accounts including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts overview (incl. history)

Container

This report shows all the container's user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show system entitlements overview (incl. history)

Container

This report shows the container's system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Overview of all assignments

Container

This report finds all roles containing identities with at least one user account in the selected container.

Overview of all assignments

System entitlement

group

This report finds all roles containing identities who have the selected system entitlement.

Show overview

System entitlement

group

This report shows an overview of the system entitlement and its assignments.

Show overview including origin

System entitlement

group

This report shows an overview of the system entitlement and origin of the assigned user accounts.

Show overview including history

System entitlement

group

This report shows an overview of the system entitlement and including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show entitlement drifts

Target system

This report shows all system entitlements that are the result of manual operations in the target system rather than provisioned by One Identity Manager.

Show user accounts overview (incl. history)

Target system

This report returns all the user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts with an above average number of system entitlements

Target system

This report contains all user accounts with an above average number of system entitlements.

Show identities with multiple user accounts

Target system

This report shows all the identities that have multiple user accounts. The report contains a risk assessment.

Show system entitlements overview (incl. history)

Target system

This report shows the system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Overview of all assignments

Target system

This report finds all roles containing identities with at least one user account in the selected target system.

Show unused user accounts

Target system

This report contains all user accounts, which have not been used in the last few months.

Show orphaned user accounts

Target system

This report shows all user accounts to which no identity is assigned.

Show user account operations

Target system

This report shows modified user accounts from all target systems for a specific time period.

Related topics

Treatment of custom target system objects in the Web Portal

One Identity Manager enables its users to perform various tasks simply using a Web Portal.

  • Managing user accounts and identities

    An account definition can be requested by shop customers in the Web Portal if it is assigned to an IT Shop shelf. The request undergoes a defined approval process. The user account is not created until it has been agreed by an authorized identity, such as a manager.

  • Managing assignments of groups and system entitlements

    These products can be requested in the Web Portal by the shop's customers by assigning groups and system entitlements to an IT Shop shelf. The request undergoes a defined approval process. The group or system entitlement is not assigned until it has been approved by an authorized identity.

    In the Web Portal, managers and administrators of organizations can assign system entitlements to the departments, cost centers, or locations for which they are responsible. The system entitlements and groups are inherited by all identities who are members of these departments, cost centers, or locations.

    If the Business Roles Module is available, managers and administrators of business roles can assign groups and system entitlements to the business roles in the Web Portal for which they are responsible. The groups and system entitlements are inherited by all identities who are members of these business roles.

    If the System Roles Module is available, those with system roles responsibilities can assign groups and system entitlements to the system roles in the Web Portal. The groups and system entitlements are inherited by all identities to whom these system roles are assigned.

  • Attestation

    If the Attestation Module is available, the correctness of the properties of target system objects and of entitlement assignments can be verified on request. To enable this, attestation policies are configured in the Manager. The attestors use the Web Portal to approve attestation cases.

  • Governance administration

    The rules are checked regularly, and if changes are made to the objects in One Identity Manager. Compliance rules are defined in the Manager. Supervisors use the Web Portal to check rule violations and to grant exception approvals.

    If the Company Policies Module is available, company policies can be defined for the target system objects mapped in One Identity Manager and their risks evaluated. Company policies are defined in the Manager. Supervisors use the Web Portal to check policy violations and to grant exception approvals.

  • Risk assessment

    You can use the risk index of groups to evaluate the risk of entitlement assignments for the company.One Identity Manager provides default calculation functions for this. The calculation functions can be modified in the Web Portal.

  • Reports and statistics

    The Web Portal provides a range of reports and statistics about the identities, user accounts, and their entitlements and risks.

For more information about the named topics, see Managing user accounts and identities, Managing assignments of groups and system entitlements, and the following guides:

  • One Identity Manager Web Portal User Guide

  • One Identity Manager Attestation Administration Guide

  • One Identity Manager Compliance Rules Administration Guide

  • One Identity Manager Company Policies Administration Guide

  • One Identity Manager Risk Assessment Administration Guide

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택