Identity Manager 8.1.4 - Authorization and Authentication Guide

Employee (role-based)

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials

Employee's central user account and password.

Prerequisites

  • The employee exists in the One Identity Manager database.
  • The central user account is entered in the employee's master data.
  • The system user password is entered in the employee's master data.
  • The employee is assigned at least one application role.

Set as default

Yes

Single sign-on

No

Front-end login allowed

Yes

Web Portal login allowed

Yes

Remarks

If an employee has more than one identity, the QER | Person | MasterIdentity | UseMasterForAuthentication configuration parameter controls which employee identity is used for authentication.

  • If this configuration parameter is set, the employee’s main identity is used for authentication.
  • If the parameter is not set, the employee’s subidentity is used for authentication.

A dynamic system user is determined from the employee's application roles. The user interface and the write permissions are loaded through this system user.

Changes to the data are assigned to the logged in employee.

Employee (dynamic)

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials

Employee's central user account and password.

Prerequisites

  • The employee exists in the One Identity Manager database.
  • The central user account is entered in the employee's master data.
  • The system user password is entered in the employee's master data.
  • The configuration data for dynamically determining the system user is defined in the application. Thus, an employee can, for example, be assigned a system user dynamically depending on their department membership.

Set as default

Yes

Single sign-on

No

Front-end login allowed

Yes

Web Portal login allowed

Yes

Remarks

If an employee has more than one identity, the QER | Person | MasterIdentity | UseMasterForAuthentication configuration parameter controls which employee identity is used for authentication.

  • If this configuration parameter is set, the employee’s main identity is used for authentication.
  • If the parameter is not set, the employee’s subidentity is used for authentication.

The application configuration data is used to determine a system user, which is automatically assigned to the employee. The user interface and write permissions are loaded through the system user that is dynamically assigned to the logged in employee.

Changes to the data are assigned to the logged in employee.

User account

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials

The authentication module uses the Active Directory login data of the user currently logged in on the workstation.

Prerequisites

  • The system user with permissions exists in the One Identity Manager database.
  • The employee exists in the One Identity Manager database.
  • Permitted logins are entered in the employee's master data. The logins are expected in the form: domain\user.
  • The system user is entered in the employee's master data.

Set as default

No

Single sign-on

Yes

Front-end login allowed

Yes

Web Portal login allowed

Yes

Remarks

All employee logins saved in the One Identity Manager database are found. The employee whose login data matches that of the current user is used for logging in.

If an employee has more than one identity, the QER | Person | MasterIdentity | UseMasterForAuthentication configuration parameter controls which employee identity is used for authentication.

  • If this configuration parameter is set, the employee’s main identity is used for authentication.
  • If the parameter is not set, the employee’s subidentity is used for authentication.

The user interface and access permissions are loaded through the system user that is directly assigned to the employee found.

Data modifications are attributed to the current user account.

User account (role-based)

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials

The authentication module uses the Active Directory login data of the user currently logged in on the workstation.

Prerequisites

  • The employee exists in the One Identity Manager database.
  • Permitted logins are entered in the employee's master data. The logins are expected in the form: domain\user.
  • The employee is assigned at least one application role.

Set as default

No

Single sign-on

Yes

Front-end login allowed

Yes

Web Portal login allowed

Yes

Remarks

All employee logins saved in the One Identity Manager database are found. The employee whose login data matches that of the current user is used for logging in.

If an employee has more than one identity, the QER | Person | MasterIdentity | UseMasterForAuthentication configuration parameter controls which employee identity is used for authentication.

  • If this configuration parameter is set, the employee’s main identity is used for authentication.
  • If the parameter is not set, the employee’s subidentity is used for authentication.

A dynamic system user is determined from the employee's application roles. The user interface and the write permissions are loaded through this system user.

Data modifications are attributed to the current user account.
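
The prerequisite lists of the four modules above can be checked ahead of a rollout. The following is an added example, not part of the vendor guide or the product: it audits exported employee records and reports which modules each employee can use. The record field names and sample data are hypothetical, and the application-side configuration for Employee (dynamic) is assumed to exist.

```python
import re

# Hypothetical export field names; NOT One Identity Manager schema columns.
LOGIN_FORM = re.compile(r"^[^\\\s]+\\[^\\\s]+$")  # domain\user

def login_problems(emp):
    """Permitted logins that are not in the expected domain\\user form."""
    return [l for l in emp.get("permitted_logins", []) if not LOGIN_FORM.match(l)]

def unmet_prerequisites(emp):
    """Map each module on this page to its unmet employee-side prerequisites."""
    central = []
    if not emp.get("central_account"):
        central.append("central user account missing")
    if not emp.get("has_password"):
        central.append("system user password missing")
    valid = [l for l in emp.get("permitted_logins", []) if LOGIN_FORM.match(l)]
    logins = [] if valid else ["no permitted login in domain\\user form"]
    role = [] if emp.get("application_roles") else ["no application role assigned"]
    direct = [] if emp.get("system_user") else ["no system user in master data"]
    return {
        "Employee (role-based)": central + role,
        # The dynamic-system-user configuration lives in the application and
        # cannot be verified from an employee record; assumed present here.
        "Employee (dynamic)": central,
        "User account": logins + direct,
        "User account (role-based)": logins + role,
    }

def audit(employees):
    """Return {employee name: [modules whose prerequisites are all met]}."""
    return {e["name"]: [m for m, gaps in unmet_prerequisites(e).items() if not gaps]
            for e in employees}

# Constructed sample records, for illustration only.
SAMPLE = [
    {"name": "alice", "central_account": "ALICE", "has_password": True,
     "application_roles": ["example-role"], "permitted_logins": ["CORP\\alice"],
     "system_user": None},
    {"name": "bob", "central_account": "", "has_password": False,
     "application_roles": [], "permitted_logins": ["bob@corp.example"],
     "system_user": "viewer"},
]

if __name__ == "__main__":
    for name, modules in audit(SAMPLE).items():
        print(name, "->", modules or "no module usable")
```
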
