Chat now with support
Chat with Support

Identity Manager 8.1.4 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program features One Identity Manager authentication modules OAuth 2.0 / OpenID Connect configuration Multi-factor authentication in One Identity Manager Granulated permissions for the SQL Server and database

Application roles for attestation

NOTE: This application role is available if the Attestation Module is installed.

The following application roles are available for managing attestation procedures:

Table 4: Application roles for attestation
Application role Description

Administrators

 

Administrators are assigned to the Identity & Access Governance | Attestation | Administrators application role.

Users with this application role:

  • Define attestation procedures and attestation policies.
  • Create approval policies and approval workflows.
  • Specify which approval procedure to use to find attestors.
  • Set up attestation case notifications.
  • Configure attestation schedules.
  • Enter mitigating controls.
  • Create and edit risk index functions.
  • Monitor attestation cases.
Chief approval team

The chief approver must be assigned to the Identity & Access Governance | Attestation | Chief approval team application role.

Users with this application role:

  • Approve using attestation cases.
  • Assign attestation cases to other attestors.

Attestors for external users

Attestors for external users must be assigned to the Identity & Access Governance | Attestation | Attestors for external users application role.

Users with this application role:

  • Attests new, external employees.

NOTE: Attestors in charge are determined through approval procedures. Other application roles may be applied here. Application roles for attestors are defined in different module and are available if the Attestation Module is installed.

Application roles for subscribable reports

NOTE: This application role is available if the module Report Subscription Module is installed.

The following application role is available for managing subscribable reports:

Table 5: Application roles for subscribable reports
Application role Description

Administrators

 

Administrators must be assigned to the Identity & Access Governance | Company policies | Report Subscriptions application role.

Users with this application role:

  • Create subscribable reports from existing reports.
  • Configure report parameters for subscribable reports.
  • Assign subscribable reports to employees, company structures or IT Shop shelves.
  • Create custom mail templates for sending subscribed reports by email.

Management level

The user must be assigned to the Identity Management | Management level application role.

Users with this application role:

  • Can view reports and statistics for management levels in the Web Portal.

Application roles for business roles

NOTE: This application role is available if the Business Roles Module is installed.

The following application roles are available for the administration of business roles:

Table 6: Application roles for business roles
Application role Description

Administrators

 

Administrators must be assigned to the Identity Management | Business roles | Administrators application role.

Users with this application role:

  • Create and edit business roles.
  • Assign company resources to business roles.
  • Administrate application roles for role approvers, role approvers (IT), and attestors.
  • Set up other application roles as required.

Attestors

 

Attestors must be assigned to the Identity Management | Business roles | Attestors application role or a child application role.

Users with this application role:

  • Attest correct assignment of company resource to business roles for which they are responsible.
  • Can view master data for these business roles but not edit them.
NOTE: This application role is available if the module Attestation Module is installed.

Role approver

 

Approvers must be assigned to the Identity Management | Business roles | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.
  • Approve requests from business roles for which they are responsible.

Role approver (IT)

 

IT role approvers must be assigned to the Identity Management | Business roles | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.
  • Approve requests from business roles for which they are responsible.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating