
Identity Manager 8.1.4 - Identity Management Base Module Administration Guide


Assigning property groups

Each extended property must be assigned to at least one property group. Furthermore, you can assign the extended properties to any other property groups.

To assign an extended property to a property group

  1. In the Manager, select the Entitlements | Basic configuration data | Extended properties | <property group> category.

  2. Select the extended property in the result list.

  3. Select the Assign property groups task.

  4. In the Add assignments pane, assign property groups.

    - OR -

    In the Remove assignments pane, remove property groups.

  5. Save the changes.


Configuration parameters for managing departments, cost centers, and locations

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 73: Configuration parameter

Configuration parameter

Description

QER | Structures

If the configuration parameter is set, hierarchical roles are supported.

QER | Structures | DynamicGroupCheck

This configuration parameter controls the generation of calculation tasks for dynamic roles. If the configuration parameter is not set, the subparameters do not apply.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyPerson

If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyHardware

If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyWorkdesk

If the parameter is set, a calculation task for modifications to workdesks or workdesk level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | ExcludeStructures

Preprocessor relevant configuration parameter for defining the effectiveness of role memberships. If this parameter is set, mutually excluding roles can be defined. Changes to this parameter require the database to be recompiled.

QER | Structures | Inherite | Employee

This configuration parameter specifies whether employees can inherit through primary assignments.

QER | Structures | Inherite | Employee | GroupExclusion

This configuration parameter specifies whether employees inherit assignments from their primary department (Person.UID_Department).

QER | Structures | Inherite | Employee | FromLocality

This configuration parameter specifies whether employees inherit assignments from their primary location (Person.UID_Locality).

QER | Structures | Inherite | Employee | FromProfitCenter

This configuration parameter specifies whether employees inherit assignments from their primary cost center (Person.UID_ProfitCenter).

QER | Structures | Inherite | Hardware

This configuration parameter specifies whether devices inherit through primary assignment.

QER | Structures | Inherite | Hardware | FromDepartment

This configuration parameter specifies whether devices inherit assignments from their primary department (Hardware.UID_Department).

QER | Structures | Inherite | Hardware | FromLocality

This configuration parameter specifies whether devices inherit assignments from their primary location (Hardware.UID_Locality).

QER | Structures | Inherite | Hardware | FromProfitCenter

This configuration parameter specifies whether devices inherit assignments from their primary cost center (Hardware.UID_ProfitCenter).

QER | Structures | Inherite | Workdesk

This configuration parameter specifies whether workdesks can inherit through primary assignments.

QER | Structures | Inherite | Workdesk | FromDepartment

This configuration parameter specifies whether workdesks inherit assignments from their primary department (Workdesk.UID_Department).

QER | Structures | Inherite | Workdesk | FromLocality

This configuration parameter specifies whether workdesks inherit assignments from their primary location (Workdesk.UID_Locality).

QER | Structures | Inherite | Workdesk | FromProfitCenter

This configuration parameter specifies whether workdesks inherit assignments from their primary cost center (Person.UID_ProfitCenter).

Effective configuration parameters for setting up employees

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 74: Configuration parameter

Configuration parameter

Description

QER | Person

If this configuration parameter is set, employee administration is supported.

QER | Person | CentralAccountGlobalUnique

This configuration parameter specifies how the central user account is mapped.

If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems.

If the configuration parameter is not set, the central user account is only formed uniquely in relation to the central user accounts of all employees.

QER | Person | DefaultMailDomain

This configuration parameter contains the default mail domain. The value is used to establish an employee's email address.

Person | MasterIdentity | UseMasterForAuthentication

This configuration parameter specifies whether the main identity should be used to log in to One Identity Manager tools through an employee-linked authentication module.

If this parameter is set, the main identity is used for employee-linked authentication. If the parameter is not set, the subidentity is used for employee-linked authentication.

QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery

This configuration parameter defines whether the password questions used for a successful password reset become invalid after they are used.

QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions

This configuration parameter determines the number of password questions that an employee has to define in order to change their password.

QER | Person | PasswordResetAuthenticator | QueryAnswerRequests

This configuration parameter determines the number of password questions that an employee has to answer in order to change their password.

QER | Person | PasswordResetAuthenticator | PasscodeSplit

This parameter determines whether an access code generated by the helpdesk is split into two components, one for the helpdesk and one for the employee's manager.

QER | Person | TemporaryDeactivation

This configuration parameter controls the behavior between employees and user accounts if employees are temporarily inactivated.

If the configuration parameter is set, the employee's user accounts are locked if the employee is permanently or temporarily disabled.

If the configuration parameter is not set, the employee's properties do not have any effect on the associated user accounts.

QER | Person | UseCentralPassword

This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated.

QER | Person | UseCentralPassword | CheckAllPolicies

This configuration parameter specifies whether an employee's central password is checked against all the target system password policies of the employee's user accounts. Checking is only carried out in the Password Reset Portal.

QER | Person | UseCentralPassword | PermanentStore

This configuration parameter controls the storage period for central passwords. If the configuration parameter is enabled, the central password is stored in the One Identity Manager database and is used for new users. If the configuration parameter is disabled, the central password is deleted from the One Identity Manager database following publishing to the existing user accounts. The central password is not available for new user accounts.

QER | Person | UseCentralPassword | SyncToSystemPassword

This configuration parameter defines whether the employee's central password is copied to the employee's system user password.

QER | Person | UseCentralPassword | SyncToSystemPassword | UnlockByCentralPassword

This configuration parameter specifies if the employee's system user account is unlocked when the central password is synchronized.

SysConfig

If this configuration parameter is set, you can configure general settings for system behavior.

SysConfig | Display

If the configuration parameter is set, user interface design is supported.

SysConfig | Display | SourceDetective

Preprocessor relevant configuration parameter for controlling how the source of an employee's entitlements is displayed. Changes to this parameter require the database to be recompiled.
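
The following added example (not part of the One Identity documentation or product) reviews an exported parameter list for the security-relevant settings in Table 74. It applies the rule stated for DynamicGroupCheck, that subparameters do not apply when the parent is not set, to every path, which is an assumption. The export format, the sample rows, and the min_answers threshold are also assumptions.

```python
# Added example: review exported configuration parameters from Table 74.
# Export format (path;enabled;value) and all sample rows are constructed.
import csv, io

SAMPLE_EXPORT = """path;enabled;value
QER;1;
QER | Person;1;
QER | Person | TemporaryDeactivation;0;
QER | Person | UseCentralPassword;1;
QER | Person | UseCentralPassword | PermanentStore;1;
QER | Person | PasswordResetAuthenticator;1;
QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery;0;
QER | Person | PasswordResetAuthenticator | QueryAnswerRequests;1;1
"""

def split_path(path):
    return tuple(part.strip() for part in path.split("|"))

def load(text):
    """Return {path tuple: (enabled, value)} from the constructed export."""
    rows = csv.DictReader(io.StringIO(text), delimiter=";")
    return {split_path(r["path"]): (r["enabled"] == "1", r["value"]) for r in rows}

def effective(params, path):
    """A parameter applies only if it and every ancestor is set.
    Parameters missing from the export count as not set."""
    parts = split_path(path)
    return all(params.get(parts[:i], (False, ""))[0]
               for i in range(1, len(parts) + 1))

def review(params, min_answers=2):  # min_answers: assumed local policy
    p, findings = "QER | Person | ", []
    if not effective(params, p + "TemporaryDeactivation"):
        findings.append(("TemporaryDeactivation",
                         "disabling an employee does not lock user accounts"))
    if effective(params, p + "UseCentralPassword | PermanentStore"):
        findings.append(("PermanentStore",
                         "central password remains stored in the database"))
    r = p + "PasswordResetAuthenticator | "
    if not effective(params, r + "InvalidateUsedQuery"):
        findings.append(("InvalidateUsedQuery",
                         "used password questions stay valid"))
    asked = params.get(split_path(r + "QueryAnswerRequests"), (False, ""))[1]
    if effective(params, r + "QueryAnswerRequests") and \
            (not asked.isdigit() or int(asked) < min_answers):
        findings.append(("QueryAnswerRequests",
                         f"value {asked!r} is below {min_answers}"))
    return findings

if __name__ == "__main__":
    for name, reason in review(load(SAMPLE_EXPORT)):
        print(f"{name}: {reason}")
```
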

Configuration parameters for managing devices and workdesks

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 75: Configuration parameter

Configuration parameter

Description

Hardware

Preprocessor relevant configuration parameter to control the database model components for device administration. If the parameter is set, the device administration components are available. Changes to this parameter require the database to be recompiled.

Hardware | AssetAccounting

Preprocessor parameter to control the model components for asset accounting. If the parameter is set, asset accounting components are available. Changes to this parameter require the database to be recompiled.

Hardware | Display

This configuration parameter specifies whether the way device properties are displayed can be configured.

Hardware | Display | CustomHardwareType

This configuration parameter specifies whether a new device with the appropriate device model is displayed on the custom form.

Hardware | Display | CustomHardwareType | MobilePhone

This configuration parameter contains data for a device type, which represents a mobile phone.

Hardware | Display | CustomHardwareType | Monitor

This configuration parameter contains data for a device type, which represents a monitor.

Hardware | Display | CustomHardwareType | PC

This configuration parameter contains data for a device type, which represents a PC.

Hardware | Display | CustomHardwareType | Printer

This configuration parameter contains data for a device type, which represents a printer.

Hardware | Display | CustomHardwareType | Server

This configuration parameter contains data for a device type, which represents a server.

Hardware | Display | CustomHardwareType | Tablet

This configuration parameter contains data for a device type, which represents a tablet.

Hardware | Display | DisplayResolutions

This configuration parameter contains a pipe-delimited list of all screen resolutions that are available for selection on the device's master data form.

Hardware | Display | MachineWithRPL

This configuration parameter specifies whether data for remote rebooting of workstations and servers can be edited.

Hardware | Workdesk

If this configuration parameter is set, workdesk administration is supported.

Hardware | Workdesk | WorkdeskAuto

This configuration parameter specifies whether a workdesk is automatically created in association with setting up a workstation or server.
