Chat now with support
Chat with Support

Identity Manager 8.1.5 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program features One Identity Manager authentication modules OAuth 2.0 / OpenID Connect configuration Multi-factor authentication in One Identity Manager Granulated permissions for the SQL Server and database

Application roles for Universal Cloud Interface

NOTE: Application roles are available if the Universal Cloud Interface Module is installed.

The following application roles are available for managing cloud systems.

Table 11: Application roles for Universal Cloud Interface
User Tasks

Cloud administrators

Administrators must be assigned to the Universal Cloud Interface | Administrators application role or a child application role.

Users with this application role:

  • Manage application roles for the Universal Cloud Interface.
  • Set up other application roles as required.
  • Configure synchronization in the Synchronization Editor and define the mapping for comparing cloud applications and One Identity Manager.
  • Edit cloud application in the Manager.
  • Edit pending, manual provisioning processes in the Web Portal and obtain statistics.
  • Obtain information about the cloud objects in the Web Portal and the Manager.

Cloud operators

Operators must be assigned to the Universal Cloud Interface | Operators application role or a child application role.

Users with this application role:

  • Edit pending, manual provisioning processes in the Web Portal and obtain statistics.

Cloud auditors

Auditors must be assigned to the Universal Cloud Interface | Auditors application role or a child application role.

Users with this application role:

  • Can view manual provisioning processes in the Web Portal and obtain statistics.

Application roles for custom tasks

The following application roles are available for customer features and tasks.

Table 12: Application roles for custom tasks
Application role Description

Administrators

Administrators must be assigned to the Custom | Administrators application role.

Users with this application role:

  • Administrate custom application roles.

  • Set up other application roles for managers if required.

Manager/supervisor

Managers must be assigned to the Custom | Managers application role or a child role.

Users with this application role:

  • Add custom task in One Identity Manager.

  • Configure and start synchronization in the Synchronization Editor.

  • Edit the synchronization's target system types as well as outstanding objects in the Manager.

You can use these application roles, for example, to guarantee One Identity Manager users write permissions on custom tables or columns. All application roles that you define here must obtain their write permissions through custom permissions groups.

Implementing the application roles

IMPORTANT: To use application roles you must add one employee to the Base roles | Administrators application role. This employee is the authorized to assigned administrative One Identity Manager application roles to other employees.

Run this task once.

To initially add an employee to the Base roles | Administrators application role.

  1. Log into the Manager as a non role-based administrative user.
  2. Select the Employees | Employees category.
  3. Select the employee to be assigned to the Base role | Administrators application role.
  4. Select the Authorize as One Identity Manager administrator task.

NOTE: Once you update the view in Manager, the Authorize as One Identity Manager administrator task is no longer displayed in the task view. That means that the task can only be run when there are no other employees assigned to this application role.

After you have been working with One Identity Manager for a while, it is possible that no more employees are assigned to the Base roles | Administrators application role. In this case, proceed as described above in order to reassign an employee to this application role.

The One Identity Manager user with the Base roles | Administrators application role can now add more employees to application roles and edit the application role master data.

Related topics

Creating and editing application roles

To set up your first application roles you need to add an employee to the application role Base roles | Administrators. This employee is authorized to add more employees to different administration application roles. For more information, see Implementing the application roles.

Administrators can edit child application roles, set up more application roles and assigned employees.

NOTE: To edit the application role, log on to the Manager using a role-based authentication module.

To edit an application role

  1. In the Manager in the One Identity Manager Administration category, select the Application role.
  2. Select the Change master data task.
  3. Edit the application role's master data.
  4. Save the changes.

To create a new application role

  1. In the Manager in the One Identity Manager Administration category, select the application role under which you want to create a new application role.

  2. Click in the result list.

  3. Enter the application role master data.
  4. Save the changes.
NOTE: You cannot delete default application roles.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating