When new user accounts are created in One Identity Manager, the passwords needed to log in to the target system are created immediately also. Various options are available for assigning the initial password. Predefined password policies are applied to the passwords, and you can adjust these policies to suit your individual requirements if necessary. You can set up email notifications to distribute the login credentials generated to users.
Integration with OneLogin Cloud Directory
Architecture overview
One Identity Manager users for managing a OneLogin domain
Configuration parameters for managing OneLogin environments
Synchronizing a OneLogin domain
Setting up initial synchronization with a OneLogin domain
Managing OneLogin user accounts and identities
Users and permissions for synchronizing with a OneLogin domain
Setting up a synchronization server for OneLogin domains
Customizing the synchronization configuration
System requirements for the OneLogin synchronization server
Installing One Identity Manager Service with a OneLogin connector
Creating a synchronization project for initial synchronization of a OneLogin domain
Information required to set up a synchronization project
Creating an initial synchronization project for OneLogin domains
Configuring the synchronization log
Customizing synchronization projects for OneLogin privileges
Configuring synchronization in OneLogin domains
Configuring synchronization of several OneLogin domains
Changing system connection settings of OneLogin domains
Updating schemas
Speeding up synchronization
Configuring single object synchronization
Accelerating provisioning and single object synchronization
Running synchronization
Starting synchronization
Deactivating synchronization
Displaying synchronization results
Synchronizing single objects
Tasks following synchronization
Post-processing outstanding objects
Adding custom tables to the target system synchronization
Managing OneLogin user accounts through account definitions
Troubleshooting
Ignoring data error in synchronization
Pausing handling of target system specific processes (Offline mode)
Account definitions for OneLogin user accounts
Managing memberships in OneLogin roles
Creating account definitions
Editing account definitions
Main data for an account definition
Editing manage levels
Creating manage levels
Assigning manage levels to account definitions
Main data for manage levels
Creating mapping rules for IT operating data
Entering IT operating data
Modify IT operating data
Assigning account definitions to identities
Assigning identities automatically to OneLogin user accounts
Assigning account definitions to departments, cost centers, and locations
Assigning account definitions to business roles
Assigning account definitions to all identities
Assigning account definitions directly to identities
Assigning account definitions to system roles
Adding account definitions to the IT Shop
Assigning account definitions to OneLogin domains
Deleting account definitions
Editing search criteria for automatic identity assignment
Finding identities and directly assigning them to user accounts
Changing manage levels for OneLogin user accounts
Supported user account types
Default user accounts
Administrative user accounts
Specifying deferred deletion for OneLogin user accounts
Providing administrative user accounts for one identity
Providing administrative user accounts for several people
Privileged user accounts
Assigning OneLogin roles to OneLogin user accounts
Login credentials for OneLogin user accounts
Prerequisites for indirect assignment of OneLogin roles to OneLogin user accounts
Assigning OneLogin roles to departments, cost centers and locations
Assigning OneLogin roles to business roles
Adding OneLogin roles to system roles
Adding OneLogin roles to the IT Shop
Adding OneLogin roles automatically to the IT Shop
Assigning OneLogin user accounts directly to OneLogin roles
Assigning OneLogin roles directly to OneLogin user accounts
Effectiveness of membership in OneLogin roles
OneLogin role inheritance based on categories
Overview of all assignments
Password policies for OneLogin user accounts
Mapping OneLogin objects in One Identity Manager
Predefined password policies
Using password policies
Creating password policies
Editing password policies
General main data for password policies
Character classes for passwords
Policy settings
Custom scripts for password requirements
Password exclusion list
Checking a password
Testing password generation
Initial password for new OneLogin user accounts
OneLogin domains
Handling of OneLogin objects in the Web Portal
Base data for OneLogin domains
Configuration parameters for managing OneLogin domains
Default template for OneLogin domains
Editing OneLogin system objects
OneLogin connector settings
Creating OneLogin domains
Editing main data of OneLogin domains
General main data for OneLogin domains
Defining categories for the inheritance of entitlements
Editing the synchronization project for a OneLogin domain
Displaying the OneLogin domain overview
OneLogin user accounts
Creating OneLogin user accounts
Editing main data of OneLogin user accounts
General main data of OneLogin user accounts
Login credentials for OneLogin user accounts
Information about OneLogin user accounts' directory
Information about the OneLogin user accounts' company
Changing custom user fields for OneLogin user accounts
Specifying administrators for OneLogin roles
Assigning authentication methods to OneLogin user accounts
Assigning privileges to OneLogin user accounts
Assigning extended properties to OneLogin user accounts
Deleting and restoring OneLogin user accounts
Displaying the OneLogin user account overview
OneLogin applications
Editing master data for OneLogin applications
General main data for OneLogin applications
Assigning OneLogin roles to OneLogin applications
Assigning extended properties to OneLogin application
Displaying OneLogin application overviews
OneLogin roles
Editing main data of OneLogin roles
General main data of OneLogin roles
Specifying role administrators
Assigning OneLogin applications to OneLogin roles
Assigning extended properties to OneLogin roles
Displaying the OneLogin role overview
OneLogin authentication methods
OneLogin service providers
OneLogin clients
OneLogin scopes
OneLogin policies
OneLogin groups
OneLogin privileges
OneLogin custom user fields
Reports about OneLogin objects
Login credentials for OneLogin user accounts
Password policies for OneLogin user accounts
provides you with support for creating complex password policies, for example, for system user passwords, the identities' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.
Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.
Detailed information about this topic
Predefined password policies
You can customize predefined password policies to meet your own requirements if necessary.
Password for logging in to
The password policy is applied for logging in to . This password policy defines the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).
NOTE: The password policy is marked as the default policy. This password policy is applied if no other password policy can be found for identities, user accounts, or system users.
For more information about password policies for identities, see the One Identity Manager Identity Management Base Module Administration Guide.
Password policy for forming identities' central passwords
An identity's central password is formed from the target system specific user accounts by respective configuration. The Identity central password policy defines the settings for the (Person.CentralPassword) central password. Members of the Identity Management | Identities | Administrators application role can adjust this password policy.
IMPORTANT: Ensure that the Identity central password policy does not violate the target system-specific requirements for passwords.
For more information about password policies for identities, see the One Identity Manager Identity Management Base Module Administration Guide.
Password policies for user accounts
Predefined password policies are provided, which you can apply to the user account password columns of the user accounts.
IMPORTANT: If you do not use password policies that are specific to the target system, the password policy default policy applies. In this case, ensure that the default policy does not violate the target systems requirements.
The OneLogin password policy is predefined for OneLogin. You can apply this password policy to the OneLogin user accounts (OLGUser.Password) of a OneLogin domain.
If the domains' password requirements differ, it is recommended that you set up your own password policies for each domain.
Furthermore, you can apply password policies based on the account definition of the user accounts or based on the manage level of the user accounts.
Using password policies
The OneLogin password policy is predefined for OneLogin. You can apply this password policy to the OneLogin user accounts (OLGUser.Password) of a OneLogin domain.
If the domains' password requirements differ, it is recommended that you set up your own password policies for each domain.
Furthermore, you can apply password policies based on the account definition of the user accounts or based on the manage level of the user accounts.
The password policy that is to be used for a user account is determined in the following sequence:
-
Password policy of the user account's account definition.
-
Password policy of the user account's manage level.
-
Password policies of the user account's OneLogin domain.
-
The password policy (default policy).
IMPORTANT: If you do not use password policies that are specific to the target system, the password policy default policy applies. In this case, ensure that the default policy does not violate the target systems requirements.
To reassign a password policy
-
In the Manager, select the OneLogin > Basic configuration data > Password policies category.
- Select the password policy in the result list.
- Select Assign objects.
-
Click Add in the Assignments section and enter the following data.
-
Apply to: Application scope of the password policy.
To specify an application scope
-
Click
next to the field.
-
Select one of the following references under Table:
-
The table that contains the base objects of synchronization.
-
To apply the password policy based on the account definition, select the TSBAccountDef table.
-
To apply the password policy based on the manage level, select the TSBBehavior table.
-
-
Under Apply to, select the table that contains the base objects.
-
If you have selected the table containing the base objects of synchronization, next select the specific target system.
-
If you have selected the TSBAccountDef table, next select the specific account definition.
-
If you have selected the TSBBehavior table, next select the specific manage level.
-
-
Click OK.
-
-
Password column: Name of the password column.
-
Password policy: Name of the password policy to use.
-
-
Save the changes.
To change a password policy's assignment
-
In the Manager, select the OneLogin > Basic configuration data > Password policies category.
-
Select the password policy in the result list.
-
Select the Assign objects task.
-
In the Assignments pane, select the assignment you want to change.
-
From the Password Policies menu, select the new password policy you want to apply.
-
Save the changes.