Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email for assistance

Identity Manager 9.0 LTS - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Applying employee password policies

The One Identity Manager password policy and Employee central password policy are predefined password policies for employees' central passwords.

You can assign custom password policies to employees' password columns. You can also assign the password policies to departments, cost centers, locations, or business roles, and therefore apply password policies depending on the employees' organizational classification.

Which password policy is applied to a person is determined in the following order:

  1. Password policy of the employee's primary business role

  2. Password policy of the employee's primary department

  3. Password policy of the employee's primary location

  4. Password policy of the employee's primary cost center

  5. General password policy for employee passwords

  6. The One Identity Manager password policy (default policy)

Related topics

Changing the password policy for password columns

If you do not want to apply the predefined password policy to the password column of employees, change the password policy assignment to the base object in the Manager.

To change a password policy's assignment

  1. In the Manager, select the Employees > Basic configuration data > Password policies category.

  2. Select the password policy in the result list.

  3. Select the Assign objects task.

  4. In the Assignments pane, select the assignment you want to change.

  5. From the Password Policies menu, select the new password policy you want to apply.

  6. Save the changes.

Assigning password policies to departments, cost centers, locations, and business roles

You can assign the password policies for forming an employee's system user password, the passcode, and an employee's central password to departments, cost centers, locations, and business roles.

NOTE: If you want to use the assignment of a password policy through company structures, you need to decide whether to use either departments, cost centers, locations, or business roles. Otherwise, performance problems may occur when determining the valid password policy. A large number of hierarchy levels could also lead to performance problems when determining the password policy to apply.

To reassign a password policy

  1. In the Manager, select the Employees > Basic configuration data > Password policies category.

  2. Select the password policy in the result list.

  3. Select the Assign objects task.

  4. Click Add in Assignments and enter the following data.

    • Apply to: Application scope of the password policy.

      To specify an application scope

      1. Click next to the field.

      2. Under Table, select the table that contains the basic objects. You have the following options:

        • Departments (Department table)

        • Business roles (Org table)

          NOTE: This table is only available if the Business Roles Module is installed.

        • Locations (Locality table)

        • Cost centers (Profitcenter table)

      3. Under Apply to, select the specific department, cost center, location, or business role.

      4. Click OK.

    • Password column: Name of the password column. You have the following options:

      • Employees - central password (Person table, CentralPassword column)

      • Employees - password (Person table, DialogUserPassword column)

      • Employees - passcode (Person table, Passcode column)

    • Password policy: Name of the password policy to use.

  5. Save the changes.

Editing password policies for employees

Predefined password policies are supplied with the default installation that you can use or customize if required.

To edit a password policy

  1. In the Manager, select the Employees > Basic configuration data > Password policies category.

  2. In the result list, select the password policy.

  3. Select the Change main data task.

  4. Edit the password policy's main data.

  5. Save the changes.
Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating