TargetSystem | PAG |
Preprocessor relevant configuration parameters for controlling model components for Privileged Account Management system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
TargetSystem | PAG | Accounts |
Allows configuration of PAM user account data. |
TargetSystem | PAG | Accounts | InitialRandomPassword |
Specifies whether a random password is generated when a new user account is added. The password must contain at least those character sets that are defined in the password policy. |
TargetSystem | PAG | Accounts | InitialRandomPassword | SendTo |
Identity that receives the email with the random generated password (manager cost center/department/location/role, identity’s manager or XUserInserted). If no recipient can be found, the e-mail is sent to the address stored in the TargetSystem | PAG | DefaultAddress configuration parameter. |
TargetSystem | PAG | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName |
Mail template name that is sent to supply users with the login credentials for the user account. The Identity - new user account created mail template is used. |
TargetSystem | PAG | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword |
Mail template name that is sent to supply users with the initial password. The Identity - initial password for new user account mail template is used. |
TargetSystem | PAG | Accounts | MailTemplateDefaultValues |
Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Identity - new user account with default properties created mail template is used. |
TargetSystem | PAG | Accounts | PrivilegedAccount |
Allows configuration of privileged user account settings. |
TargetSystem | PAG | Accounts | TransferJPegPhoto |
Specifies whether changes to the identity's picture are published in existing user accounts. The picture is not part of default synchronization. It is only published when an identity's main data is changed. |
TargetSystem | PAG| DefaultAddress |
Default email address of the recipient for notifications about actions in the target system. |
TargetSystem | PAG | PersonAutoDefault |
Mode for automatic identity assignment for user accounts added to the database outside synchronization. |
TargetSystem | PAG | PersonAutoDisabledAccounts |
Specifies whether identities are automatically assigned to disabled user accounts. User accounts are not given an account definition. |
TargetSystem | PAG | PersonAutoFullsync |
Mode for automatic identity assignment for user accounts that are added to or updated in the database by synchronization. |
TargetSystem | PAG | PersonExcludeList |
Listing of all user account without automatic identity assignment. Names are listed in a pipe (|) delimited list that is handled as a regular search pattern.
Example:
ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*|.* | $ |
TargetSystem | PAG | UserObjectAccessThreshold |
Threshold for the number of privileged access permissions per user, above which a user's risk index is increased. Default is 20. |
TargetSystem | PAG | HighRiskIndexThreshold |
Risk index values higher than this threshold are considered high. Default is 0.5. |
QER | ITShop | AutoPublish | PAGUsrGroup |
Preprocessor relevant configuration parameter for automatically adding PAM user groups to the IT Shop. If the parameter is set, all user groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ITShop | AutoPublish | PAGUsrGroup | ExcludeList |
List of all PAM user groups that are not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example: .*Administrator.*|.*Admins|.*Operators |