Chat now with support
Chat with Support

Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Dynamic roles with incorrectly excluded identities

In the Manager, you can obtain an overview of all the dynamic roles with conflicting entries in the exclude list. This means that for at least one item in the list the following applies:

  • The dynamic role condition does not apply.

    For example, this might occur if the dynamic role condition was changed after an identity was entered in the exclude list.

    - OR -

  • The excluded identity is also assigned to the role in another way

    such as through inheritance or direct assignment.

Check these entries and correct the assignments.

To check conflicting entries of departments, locations, or cost centers in the exclusion list

  1. In the Manager, select the Organizations > Troubleshooting > Dynamic roles with potentially incorrect excluded identities category.

  2. Select the dynamic role in the result list.

  3. Select the Exclude identities task.

    In the exclusion list you can see which identities are affected by the given conditions.

Related topics

Assign organizations

Use this task to map the relationships of a department, cost center of a location to other roles. This task has the same effect as assigning a department, cost center, or location on the role main data form. The assignment is entered in the respective foreign key column in the base table.

To assign a cost center or location to departments

  1. In the Manager, select the Organizations > Cost centers or the Organizations > Locations category.

  2. Select the role in the result list.

  3. Select the Assign organizations task.

  4. Select the Departments tab.

  5. In the Add assignments pane, assign departments.

    The selected role is primarily assigned to all departments as a cost center or location.

  6. Save the changes.

To assign a department or a location to cost centers

  1. In the Manager, select the Organizations > Departments or the Organizations > Locations category.

  2. Select the role in the result list.

  3. Select the Assign organizations task.

  4. Select the Cost centers tab.

  5. In the Add assignments pane, assign cost centers.

    The selected role is primarily assigned to all cost centers as a department or location.

  6. Save the changes.

To assign a department or a cost center to locations

  1. In the Manager, select the Organizations > Departments or the Organizations > cost centers category.

  2. Select the role in the result list.

  3. Select the Assign organizations task.

  4. Select the Locations tab.

  5. In the Add assignments pane, assign locations.

    The selected role is primarily assigned to all locations as a department or cost center.

  6. Save the changes.

Specifying inheritance exclusion for departments, cost centers, and locations

You can define conflicting roles to prevent identities, devices, or workdesks from being assigned to several roles at the same time and from obtaining mutually exclusive company resources through these roles. At the same time, specify which departments, cost centers, and locations are mutually exclusive. This means you may not assign these roles to one and the same identity (device, workdesk).

NOTE: Only roles, which are defined directly as conflicting roles cannot be assigned to the same identity (device, workdesk). Definitions made on parent or child roles do not affect the assignment.

To configure inheritance exclusion

  • In the Designer, set the QER | Structures | ExcludeStructures configuration parameter and compile the database.

    NOTE: If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

To define inheritance exclusion for a departments

  1. In the Manager, select the Organizations > Departments category.

  2. Select the department in the result list.

  3. Select Edit conflicting departments.

  4. In the Add assignments pane, assign departments that are mutually exclusive to the selected department.

    - OR -

    In the Remove assignments pane, remove the departments that are no longer mutually exclusive.

  5. Save the changes.

To define inheritance exclusion for a cost center

  1. In the Manager, select the Organizations > Cost centers category.

  2. Select the cost center in the result list.

  3. Select Edit conflicting cost centers.

  4. In the Add assignments pane, assign cost centers that are mutually exclusive to the selected cost center.

    - OR -

    In the Remove assignments pane, remove the cost centers that are no longer mutually exclusive.

  5. Save the changes.

To define inheritance exclusion for a cost center

  1. In the Manager, select the Organizations > Locations category.

  2. Select the location in the result list.

  3. Select Edit conflicting locations.

  4. In the Add assignments pane, assign locations that are mutually exclusive to the selected location.

    - OR -

    In the Remove assignments pane, remove the locations that are no longer mutually exclusive.

  5. Save the changes.
Detailed information about this topic

Assigning extended properties to departments, cost centers, and locations

You can assign extended properties to departments, cost centers, and locations. Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To set extended properties

  1. In the Manager, select the Organizations > <role class> category.

  2. Select the role in the result list.

  3. Select Assign extended properties.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .

  5. Save the changes.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating