The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
Configuration parameters | Meaning if Set |
---|---|
TargetSystem \| PAG | Preprocessor-relevant configuration parameter for controlling the model components for Privileged Account Management system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor-relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
TargetSystem \| PAG \| Accounts | Allows configuration of PAM user account data. |
TargetSystem \| PAG \| Accounts \| InitialRandomPassword | Specifies whether a random password is generated when a new user account is added. The password must contain at least those character sets that are defined in the password policy. |
TargetSystem \| PAG \| Accounts \| InitialRandomPassword \| SendTo | Employee to receive an email with the randomly generated password (manager cost center/department/location/business role, employee's manager or XUserInserted). If no recipient can be found, the email is sent to the address stored in the TargetSystem \| PAG \| DefaultAddress configuration parameter. |
TargetSystem \| PAG \| Accounts \| InitialRandomPassword \| SendTo \| MailTemplateAccountName | Name of the mail template that is sent to supply users with the login credentials for the user account. The Employee - new user account created mail template is used. |
TargetSystem \| PAG \| Accounts \| InitialRandomPassword \| SendTo \| MailTemplatePassword | Name of the mail template that is sent to supply users with the initial password. The Employee - initial password for new user account mail template is used. |
TargetSystem \| PAG \| Accounts \| MailTemplateDefaultValues | Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Employee - new user account with default properties created mail template is used. |
TargetSystem \| PAG \| Accounts \| PrivilegedAccount | Allows configuration of privileged user account settings. |
TargetSystem \| PAG \| Accounts \| TransferJPegPhoto | Specifies whether changes to the employee's picture are published in existing user accounts. The picture is not part of default synchronization. It is only published when employee data is changed. |
TargetSystem \| PAG \| DefaultAddress | Default email address of the recipient for notifications about actions in the target system. |
TargetSystem \| PAG \| PersonAutoDefault | Mode for automatic employee assignment for user accounts added to the database outside synchronization. |
TargetSystem \| PAG \| PersonAutoDisabledAccounts | Specifies whether employees are automatically assigned to disabled user accounts. User accounts are not given an account definition. |
TargetSystem \| PAG \| PersonAutoFullsync | Mode for automatic employee assignment for user accounts that are added to or updated in the database by synchronization. |
TargetSystem \| PAG \| PersonExcludeList | Listing of all user accounts without automatic employee assignment. Names are listed in a pipe (\|) delimited list that is handled as a regular search pattern. Example: `ADMINISTRATOR\|GUEST\|KRBTGT\|TSINTERNETUSER\|IUSR_.*\|IWAM_.*\|SUPPORT_.*\|.* \| $` |
TargetSystem \| PAG \| UserObjectAccessThreshold | Threshold for the number of privileged access permissions per user, above which a user's risk index is increased. Default is 20. |
TargetSystem \| PAG \| HighRiskIndexThreshold | Risk index values higher than this threshold are considered high. Default is 0.5. |
QER \| ITShop \| AutoPublish \| PAGUsrGroup | Preprocessor-relevant configuration parameter for automatically adding PAM user groups to the IT Shop. If the parameter is set, all user groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor-relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER \| ITShop \| AutoPublish \| PAGUsrGroup \| ExcludeList | List of all PAM user groups that are not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. Example: `.*Administrator.*\|.*Admins\|.*Operators` |
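
An added example, not part of the One Identity documentation or product code: a small audit that splits an exclude-list search pattern, such as those for PersonExcludeList and PAGUsrGroup ExcludeList above, into its alternatives, reports which alternative excludes each name, and flags alternatives broad enough to exclude every name. It assumes case-insensitive matching against the whole name and uses Python's `re` in place of the product's regular expression engine; the function names, the probe string and the sample account names are constructed for illustration.

```python
import re

# Assumption: case-insensitive full match; Python's re stands in for the product's engine.

def split_alternatives(pattern):
    """Split a search pattern on top-level '|' (outside groups, classes, escapes)."""
    parts, cur, depth, in_class, i = [], "", 0, False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # keep escaped pairs such as \| intact
            cur += pattern[i:i + 2]
            i += 2
            continue
        if in_class:
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "|" and depth == 0:
            parts.append(cur)
            cur = ""
            i += 1
            continue
        cur += ch
        i += 1
    return parts + [cur]

def audit_exclude_list(pattern, names, probe="zz-constructed-probe-7f3a"):
    """Return (catch-all alternatives, {name: first alternative that excludes it})."""
    catch_all, excluded = [], {}
    for alt in split_alternatives(pattern):
        rx = re.compile(alt, re.IGNORECASE)
        if rx.fullmatch(probe):        # matches an arbitrary name: excludes everything
            catch_all.append(alt)
        for name in names:
            if name not in excluded and rx.fullmatch(name):
                excluded[name] = alt
    return catch_all, excluded

# Constructed sample account names, not taken from any real system.
SAMPLE_NAMES = ["Administrator", "IUSR_WEB01", "jdoe", "svc_admin", "SUPPORT_388945a0"]
# Leading alternatives of the PersonExcludeList example above.
PAGE_PATTERN = "ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*"
if __name__ == "__main__":
    for pattern in (PAGE_PATTERN, PAGE_PATTERN + "|.*"):   # second pattern is constructed
        print(pattern, audit_exclude_list(pattern, SAMPLE_NAMES))
```

Running the audit against an export of real account or group names before changing an exclude list shows which accounts would lose automatic employee assignment or IT Shop publication, and whether a stray broad alternative has been introduced.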