Chat now with support
Chat with Support

Identity Manager 9.1 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Location information for workdesks

Enter the following information about a workdesk's location.

Table 54: Workdesk location information
Property Description

Primary department

Department to which the workdesk is primary assigned. A workdesk can obtain company resources over the primary assignments when One Identity Manager is correspondingly configured.

Primary location

Location to which the workdesk is primary assigned. A workdesk can obtain company resources over the primary assignments when One Identity Manager is correspondingly configured.

Fax

Fax number.

Remarks (fax)

Text field for additional explanation.

Building

Building

Room

Room.

Phone

Telephone number.

Floor

Floor.

Remarks (room)

Text field for additional explanation.

Related topics

Additional information for workdesks

Enter additional device prerequisites are diskettes or CD drives necessary, for example.

Table 55: Miscellaneous workdesk data
Property Description

Setup date

Date of going into operation.

Withdrawal date

Date on which the workdesk is written off.

Leasing fee

Leasing fee.

Floppy disk drive required

Specifies whether this workdesk requires a floppy disk drive.

CD-ROM drive required

Specifies whether this workdesk requires a CD-ROM drive.

Comment

Text field for additional explanation.

Assigning company resources to workdesks

One Identity Manager uses different assignment types to assign company resources.

  • Indirect assignment

    In the case of indirect assignment of company resources, employees, devices, and workdesks are arranged in departments, cost centers, locations, business roles, or application roles. The total of assigned company resources for an employee, device, or workdesk is calculated from the position within the hierarchies, the direction of inheritance (top-down or bottom-up) and the company resources assigned to these roles. In the Indirect assignment methods a difference between primary and secondary assignment is taken into account.

  • Direct assignment

    Direct assignment of company resources results from the assignment of a company resource to an employee, device, or workdesk, for example. Direct assignment of company resources makes it easier to react to special requirements.

  • Assignment by dynamic roles

    Assignment through dynamic roles is a special case of indirect assignment. Dynamic roles are used to specify role memberships dynamically. Employees, devices, and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees, devices, or workdesks fulfill these conditions. This means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a department in this way; if an employee leaves the department they immediately lose the resources assigned to them.

  • Assignment by request

    Assignment through the IT Shop is a special case of indirect assignment. Add employees to a shop as customers so that company resources can be assigned through IT Shop requests. All company resources assigned as product to this shop can be requested by the customers. Requested company resources are assigned to the employees after approval is granted. Role memberships can be requested through the IT Shop as well as company resources.

    For more information about requests for workdesks, see the One Identity Manager IT Shop Administration Guide and the One Identity Manager Web Portal User Guide.

The following table shows the possible company resources assignments to workdesks.

NOTE: Company resources are defined in One Identity Manager modules and are not available until the modules are installed.
Table 56: Possible assignments of company resources to workdesks
Company Resource Direct assignment permitted Indirect assignment permitted Remarks

System roles

+ +  

Software

+ +  

Active Directory groups

- +

All Active Directory computers that reference the workdesk device are added to Active Directory groups.

LDAP groups

- +

All LDAP computers that reference the workdesk device are added to LDAP groups.

Detailed information about this topic
Related topics

Assigning workdesks to departments, cost centers, and locations

Assign workdesks to departments, cost centers, and locations so that they obtain company resources through these organizations. To assign company resources to departments, cost centers, or locations, use the appropriate organization tasks.

To assign a workdesk to departments, cost centers, and locations (secondary assignment; default method)

  1. In the Manager, select the Devices & Workdesks > Workdesks > Names category.

  2. Select the workdesk in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign a workdesk to departments, cost centers, and locations (primary assignment)

  1. In the Manager, select the Devices & Workdesks > Workdesks > Names category.

  2. Select the workdesk in the result list.

  3. Select the Change main data task.

  4. Adjust the following main data:

    • Primary department: Department to which the workdesk is assigned.

    • Primary cost center: Cost center to which the workdesk is assigned.

    • Primary location: Location to which the workdesk is assigned.

  5. Save the changes.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating