Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Setting up Active Directory synchronization Basic data for managing an Active Directory environment
Account definitions for Active Directory user accounts Password policies for Active Directory user accounts Initial password for new Active Directory user accounts Email notifications about login data User account names Target system managers Editing a server
Active Directory domains Active Directory user accounts
Linking user accounts to employees Supported user account types Entering master data for Active Directory user accounts Additional tasks for managing Active Directory user accounts Automatic assignment of employees to Active Directory user accounts Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Disabling Active Directory user accounts Deleting and restoring Active Directory user accounts
Active Directory contacts Active Directory groups
Entering master data for Active Directory groups Validity of group memberships Assigning Active Directory groups to Active Directory user accounts, Active Directory contacts, and Active Directory computers Additional tasks for managing Active Directory groups Deleting Active Directory groups Default solutions for requesting Active Directory groups and group memberships
Active Directory security IDs Active Directory container structures Active Directory computers Active Directory printers Active Directory locations Reports about Active Directory objects Configuration parameters for managing an Active Directory environment Default project template for Active Directory

Active Directory contacts

A contact is a non-security principal. That means a contact cannot log into a domain. A contact, for example, represents a user outside the company and is mainly used for distribution and email purposes.

Related topics

Entering master data for Active Directory contacts

A contact can be connected to an employee in One Identity Manager. You can also manage contacts separately from employees.

NOTE:

  • It is recommended to use account definitions to set up contacts for company employees. If an account definition is used to set up a contact, some of the master data described in the following is composed of the employee’s master data using templates. The amount of data, in this case, is based on the default manage level of the account definitions. The templates supplied should be customized as required.

  • If employees receive their contacts through account definitions, the employees must have a central user account and obtain their IT operating data through assignment to a primary department, primary location or a primary cost center.

To edit contact master data

  1. Select the Active Directory | Contacts category.
  2. Select the contact in the result list and run the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the contact's master data.
  4. Save the changes.

To manually assign or create a contact for an employee

  1. Select the Employees | Employees category.
  2. Select the employee from the result list and run the Assign Active Directory contacts task.
  3. Assign a contact.

    - OR -

    Select the New contact task and edit the master data.

  4. Save the changes.
Detailed information about this topic

 

General master data for Active Directory contacts

Enter the following data on the General tab.

Table 50: General master data
Property Description

Employee

Employee who uses the contact. An employee is already entered if the contact was generated by an account definition. If you are using automatic employee assignment, an associated employee is created when you save the contact and added to the contact. If you create the contact manually, you can select an employee in the menu.

Account definition

Account definition through which the contact was created.

Use the account definition to automatically populate contact master data and to specify a manage level for the contact. One Identity Manager finds the IT operating data of the assigned employee and uses it to populate the corresponding fields in the contact.

NOTE: The account definition cannot be changed once the contact has been saved.

To create the contact manually through an account definition, enter an employee in the Employee field. You can select all the account definitions assigned to this employee and through which no contact has been created for this employee.

Manage level

Contact's manage level. Select a manage level from the menu. You can only specify the manage level can if you have also entered an account definition. All manage levels of the selected account definition are available in the menu.

First name

The contact’s first name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Last name

The contact's last name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Initials

The contact’s initials. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Title

Contact’s academic title. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Display name

The contact’s display name. The display name is made up of the contact’s first and last names.

Structural object class

Structural object class representing the object type. By default, set up contacts with "Contact" in One Identity Manager.

Name

The contact’s identifier. The identifier is made up of the contact’s first and last names.

Distinguished name

Contact's distinguished name. The distinguished name is formatted from the contact's identifier and the container and cannot be changed.

Domain

Domain in which to create the contact.

Container

Container in which to create the contact. If you have assigned an account definition, the container is determined from the company IT data for the assigned employee depending on the manage level of the user account. The distinguished name for the contact is determined by a template when the container is selected.

Email address

Contact's email address. If you assigned an account definition, the email address is made up of the employee’s default email address depending on the manage level of the user account.

Risk index (calculated)

Maximum risk index value of all assigned groups. The property is only visible if the QER | CalculateRiskIndex configuration parameter is set. For detailed information, see the One Identity Manager Risk Assessment Administration Guide.

Category

Category for the contact to inherit groups. Groups and be selectively inherited by contacts. To do this, the groups and contacts are divided into categories. Select one or more categories from the menu.

Description

Text field for additional explanation.

Identity

Contact's type of identity.

Groups can be inherited

Specifies whether the employee's groups are inherited. If this option is set, contacts inherit groups through hierarchical roles.

If you add an employee with a contact to an apartment, for example, and you have assigned groups to this department, the contact inherits the groups.

Related topics

Contact data for Active Directory contacts

Enter the data used by this contact for contacting the employee by telephone on the Contact tab.

Table 51: Contact data
Property Description

Phone

Telephone number.

Phone private

Private telephone number.

Fax

Fax number.

Mobile phone

Mobile number.

Pager

Pager number.

Website

Website.

IP telephone number

IP telephone number.

Comment

Text field for additional explanation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating