The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
Configuration parameter |
Description |
---|---|
QER | Person |
If this configuration parameter is set, employee administration is supported. |
QER | Person | AllowLoginWithSecurityIncident |
Specifies whether employees who are classified as security risks are allowed to log in to the One Identity Manager. If the configuration parameter is set, login is possible. If the configuration parameter is not set, employees who are classified as security risk are not allowed to log in (default). |
QER | Person | CentralAccountGlobalUnique |
Specifies how the central user account is mapped. If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems. If the configuration parameter is not set, it is only formed uniquely related to the central user accounts of all employees. |
QER | Person | DefaultMailDomain |
Default mail domain. The value is used to establish an employee's email address. |
Person | MasterIdentity | UseMasterForAuthentication |
Specifies whether the main identity should be used to log in to One Identity Manager tools using an employee-linked authentication module.
If this parameter is set, the main identity is used for employee-linked authentication. If the parameter is not set, the subidentity for employee-linked authentication is used. |
QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery |
Specifies whether the password questions used for a successful password reset become invalid afterward. |
QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions |
Specifies the number of password questions that an employee has to define in order to change their password. |
QER | Person | PasswordResetAuthenticator | QueryAnswerRequests |
Specifies the number of password questions that an employee has to answer in order to change their password. |
QER | Person | PasswordResetAuthenticator | PasscodeSplit |
Specifies whether a passcode generated by the help desk is split into two components, one for the help desk and one for the employee's manager. |
QER | Person | TemporaryDeactivation |
Controls the behavior between employees and user accounts if employees are temporarily deactivated. If the configuration parameter is set, the employee's user accounts are locked if the employee is permanently or temporarily disabled. If the configuration parameter is not set, the employee's properties do not have any effect on the associated user accounts. |
QER | Person | UseCentralPassword |
Specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated. |
QER | Person | UseCentralPassword | CheckAllPolicies |
Specifies whether an employee's central password is checked against all the target system's password policies of the employee's user accounts. Checking is only carried out in the Password Reset Portal. |
QER | Person | UseCentralPassword | SyncToSystemPassword |
Specifies whether the employee's central password is copied to the employee's system user password. |
QER | Person | UseCentralPassword | SyncToSystemPassword | UnlockByCentralPassword |
Specifies whether the employee's system user account is unlocked when the central password is synchronized. |
SysConfig |
Allows configuration of general system behavior settings. |
SysConfig | Display |
Allows the configuration of the front-end design. |
SysConfig | Display | SourceDetective |
Preprocessor relevant configuration parameter for controlling how the source of an employee's entitlements are displayed. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |