Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 8.1.5 - Administration Guide for Connecting Unix-Based Target Systems

Table of Contents

Managing Unix-based systems

Architecture overview One Identity Manager users for managing Unix-based target systems

Setting up synchronization with a Unix-based target system

Users and permissions for synchronizing with a Unix-based target system Configuring Unix the host Setting up the synchronization server Creating a synchronization project for initial synchronization of a Unix host

Information required for setting up a synchronization project Setting up an initial synchronization project

Displaying synchronization results

Configuring the retention period for logs

Customizing the synchronization configuration

Configuring Unix host synchronization Configuring synchronization of several Unix hosts Updating schemas

Post-processing outstanding objects Configuring the provisioning of memberships Accelerating provisioning and single object synchronization Help for the analysis of synchronization issues Disabling synchronization

Basic data for Unix-based target systems

Setting up account definitions

Creating an account definition

Master data for an account definition Creating manage levels

Master data for manage levels

Creating a formatting rule for IT operating data Collecting IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning an account definition to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions to the IT Shop

Assigning account definitions to a target system Deleting an account definition

Password policies for Unix user accounts

Predefined password policies Using password policies Editing password policies

General master data for password policies Policy settings Character classes for passwords

Custom scripts for password requirements

Script for checking passwords Script for generating a password

Password exclusion list Checking a password Testing password generation

Initial password for new Unix user accounts Email notifications about login data Target system managers Editing a server

Master data for a Job server Server functions of a Job server

General master data for Unix hosts Specifying categories for inheriting permissions How to edit a synchronization project Displaying the Unix host overview Displaying Unix login shells

Unix user accounts

Linking user accounts to employees Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Entering master data for Unix user accounts

General master data of a Unix user account User account master data for AIX systems

User account limits User account password data Security-relevant user account master data Master data for a user account on an encrypted file system

Additional tasks for managing Unix user accounts

Displaying the Unix user account overview Changing the manage level of Unix user accounts Assigning Unix groups directly to a Unix user account Assigning extended properties to Unix user accounts

Automatic assignment of employees to Unix user accounts

Editing search criteria for automatic employee assignment

Disabling user accounts for AIX systems Deleting and restoring Unix user accounts

Entering master data for Unix groups

General master data for a Unix group

Assigning Unix groups to Unix user accounts

Assigning Unix groups to departments, cost centers and locations Assigning Unix groups to business roles Assigning Unix user accounts directly to a Unix group Adding Unix groups to system roles Adding Unix groups to the IT Shop

Removing a Unix group from an IT Shop shelf Removing a Unix group from all IT Shop shelves

Additional tasks for managing Unix groups

Displaying the Unix group overview Adding Unix groups to Unix groups Effectiveness of group memberships Unix group inheritance based on categories Assigning extended properties to Unix groups

Deleting Unix groups

Reports about Unix objects

Overview of all assignments

Configuration parameters for managing a Unix environment Default project template for Unix-based target systems

Script for generating a password

You can implement a generating script if additional policies need to be used for generating a random password, which cannot be mapped with the available settings.

Syntax for generating script

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = generated password

TIP: To use a base object, take the Entity property of the PasswordPolicy class.

Example for a script to generate a password

The script replaces the ? and ! characters at the beginning of random passwords with _.

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

' replace invalid characters at first position

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

spwd.SetAt(0, CChar("_"))

End If

End If

End Sub

To use a custom script for generating a password

In the Designer, create your script in the Script Library category.
Edit the password policy.
1. In the Manager, select the Unix | Basic configuration data | Password policies category.
2. In the result list, select the password policy.
3. Select the Change master data task.
4. On the Scripts tab, enter the name of the script to be used to generate a password in the Generating script field.
5. Save the changes.

Related topics

Script for checking passwords

Password exclusion list

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

In the Designer, select the Base Data | Security settings | Restricted passwords category.
Create a new entry with the Object | New menu item and enter the term you want to exclude from the list.
Save the changes.

Checking a password

When you check a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.

To check if a password conforms to the password policy

In the Manager, select the Unix | Basic configuration data | Password policies category.
Select the password policy in the result list.
Select the Change master data task.
Select the Test tab.
Select the table and object to be tested in Base object for test.
Enter a password in Enter password to test.

A display next to the password shows whether it is valid or not.

Testing password generation

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

In the Manager, select the Unix | Basic configuration data | Password policies category.
In the result list, select the password policy.
Select the Change master data task.
Select the Test tab.
Click Generate.

This generates and displays a password.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center