Account definitions are assigned to company employees.
Indirect assignment is the default method for assigning account definitions to employees. Account definitions are assigned to departments, cost centers, locations, or roles. The employees are categorized into these departments, cost centers, locations, or roles depending on their function in the company and thus obtain their account definitions. To react quickly to special requests, you can assign individual account definitions directly to employees.
You can automatically assign special account definitions to all company employees. It is possible to assign account definitions to the IT Shop as requestable products. Department managers can then request user accounts from the Web Portal for their staff. It is also possible to add account definitions to system roles. These system roles can be assigned to employees through hierarchical roles or added directly to the IT Shop as products.
In the One Identity Manager default installation, the processes first check whether the employee already has a user account in the target system that has an account definition. If no user account exists, a new user account is created with the account definition's default manage level.
NOTE: If a user account already exists and is disabled, then it is re-enabled. In this case, you must change the user account manage level afterward.
NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it.
Prerequisites for indirect assignment of account definitions to employees
- Assignment of employees and account definitions is permitted for role classes (departments, cost centers, locations, or business roles).
To configure assignments to roles of a role class
- In the Manager, select role classes in the Organizations > Basic configuration data > Role classes category.
  - OR -
  In the Manager, select role classes in the Business roles > Basic configuration data > Role classes category.
- Select the Configure role assignments task and configure the permitted assignments.
  - To generally allow an assignment, enable the Assignments allowed column.
  - To allow direct assignment, enable the Direct assignments permitted column.
- Save the changes.
For more information about preparing role classes to be assigned, see the One Identity Manager Identity Management Base Module Administration Guide.