
Identity Manager 8.2 - Administration Guide for Connecting to Cloud Applications


Displaying assigned permissions controls

Use this task to view all the permissions controls that are assigned to the user account.

To display assigned permissions controls

  1. In Manager, select the Universal Cloud Interface > <cloud application> > User accounts category.

  2. Select the user account in the result list.

  3. Select the Assign permissions controls task.


Displaying an overview of user accounts in cloud applications

Use this task to obtain an overview of the most important information about a user account.

To obtain an overview of a user account

  1. In Manager, select the Universal Cloud Interface > <cloud application> > User accounts category.

  2. Select the user account in the result list.

  3. Select the User account overview task.

Groups and system entitlements in cloud applications


System entitlements types in cloud applications

Many cloud applications use different entitlement types to manage user entitlements. In addition to groups, these can also be roles or permissions sets, for example. Using synchronization projects created with the Synchronization of a One Identity Starling Connect environment project template, the different types are mapped in the One Identity Manager as follows.

Table 22: Mapping system entitlements in the One Identity Manager

  Type            Table       Display name
  Group           UCIGroup    Groups
  Role            UCIGroup1   System entitlements 1
  Profiles        UCIGroup2   System entitlements 2
  Entitlement     UCIGroup3   System entitlements 3
  Permissionset   UCIItem     Permissions controls

NOTE: In synchronization projects created with a One Identity Manager version older than 8.2, objects of type Profile are also mapped in the UCIItem table.

A user account obtains the required entitlements for accessing target system resources through its memberships in groups and system entitlements. Depending on the target system, memberships are either maintained in the user accounts (user-based membership) or in the system entitlements (entitlement-based membership). When setting up synchronization using the One Identity Starling Connect synchronization project template, the SCIM connector determines the object type where the memberships are stored. Memberships are mapped in the following tables:

Table 23: User account membership

  UCIUserHasGroup    Groups: Assignments to user accounts
  UCIUserHasGroup1   System entitlement 1: Assignments to user accounts
  UCIUserHasGroup2   System entitlement 2: Assignments to user accounts
  UCIUserHasGroup3   System entitlement 3: Assignments to user accounts
  UCIUserHasItem     User accounts: Permission control assignments

Table 24: System entitlement membership

  UCIUserInGroup    User accounts: Assignment to groups
  UCIUserInGroup1   User accounts: Assignment to system entitlements 1
  UCIUserInGroup2   User accounts: Assignment to system entitlements 2
  UCIUserInGroup3   User accounts: Assignment to system entitlements

Permissionset type memberships are always user-based.

By default, only groups are mapped by synchronization projects created with the SCIM Synchronization project template. The SCIM connector determines the object type where the memberships are stored and maps them accordingly either in the UCIUserHasGroup table or in the UCIUserInGroup table.

The cloud application stores which system entitlement types are used and whether the memberships are stored with user accounts or system entitlements.

To display the types of system entitlements used

  1. In the Manager, select the Universal Cloud Interface > Basic configuration data > Cloud applications category.

  2. In the result list, select a cloud application and select the Change main data task.

    • System entitlement types used: List of types of system entitlements used in the cloud application.

    • User account contains memberships: List of types of system entitlements for which memberships are stored with the user account. For types not listed here, the memberships are stored with the system entitlements.

TIP: If the cloud application schema cannot be adequately represented by any default project template, customize the synchronization configuration. At the same time, define how the system entitlements are mapped in the One Identity Manager schema. When you are setting up synchronization, ensure that the base object for the cloud application (CSMRoot) is created in the database and the System entitlements types used (GroupUsageMask) and User account contains memberships (UserContainsGroupList) properties are set correctly.
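
The following sketch is an added example, not part of the One Identity documentation or product code. It works out, from the two cloud application properties described above, which membership table from Tables 23 and 24 holds the assignments for each entitlement type, so that an access review reads every table where memberships can be stored. Passing the two properties as lists of type names is an assumption, and so is treating a user-based type that is not among the types used as a misconfiguration.

```python
# Added example. Type and table names are taken from Tables 22-24.
# Assumption: both cloud application properties are given as lists of type
# names; the page does not describe how they are stored in the database.

ENTITLEMENT_TABLES = {
    # type: (entitlement table, user-based table, entitlement-based table)
    "Group": ("UCIGroup", "UCIUserHasGroup", "UCIUserInGroup"),
    "Role": ("UCIGroup1", "UCIUserHasGroup1", "UCIUserInGroup1"),
    "Profiles": ("UCIGroup2", "UCIUserHasGroup2", "UCIUserInGroup2"),
    "Entitlement": ("UCIGroup3", "UCIUserHasGroup3", "UCIUserInGroup3"),
    "Permissionset": ("UCIItem", "UCIUserHasItem", None),
}


def membership_plan(types_used, user_contains):
    """Return {type: (entitlement_table, membership_table)} for one application."""
    used, user_based = set(types_used), set(user_contains)
    unknown = (used | user_based) - set(ENTITLEMENT_TABLES)
    if unknown:
        raise ValueError(f"unknown entitlement types: {sorted(unknown)}")
    # Assumption: a user-based type that is not in use is a misconfiguration.
    stray = user_based - used
    if stray:
        raise ValueError(f"user-based types not in types used: {sorted(stray)}")
    plan = {}
    for etype in types_used:
        ent_table, has_table, in_table = ENTITLEMENT_TABLES[etype]
        # Permissionset memberships are always user-based (no UCIUserIn* table).
        if etype in user_based or in_table is None:
            plan[etype] = (ent_table, has_table)
        else:
            plan[etype] = (ent_table, in_table)
    return plan


def review_tables(types_used, user_contains):
    """Sorted membership tables a review must read to see every assignment."""
    plan = membership_plan(types_used, user_contains)
    return sorted(table for _, table in plan.values())


if __name__ == "__main__":
    # Constructed sample: groups stored with the group, roles with the user.
    print(review_tables(["Group", "Role", "Permissionset"], ["Role"]))
```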
