Chat now with support
Chat with Support

Identity Manager 9.2 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program functions One Identity Manager authentication modules OAuth 2.0/OpenID Connect authentication Multi-factor authentication in One Identity Manager Granular permissions for the SQL Server and database Installing One Identity Redistributable Secure Token Server Preventing blind SQL injection Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Application role for the Operations Support Web Portal

NOTE: This application role is only available if the Identity Management Base Module is installed.

The Operations Support Web Portal helps you to manage and use your web applications. For more information, see the One Identity Manager Operations Support Web Portal User Guide.

The following application roles are available for the Operations Support Web Portal.

Table 2: Application role for the Operations Support Web Portal
Application role Description

Operations support

Identities that use the Operations Support Web Portal, must be assigned the Base roles | Operations support application role.

Members of this application role:

  • Monitor handling of Job queue processes.

  • Monitor handling of the DBQueue.

  • Create passcodes to enable identities to log in to the Password Reset Portal.

Password help desk

Members of the Basic roles | Operations support | Password help desk application role can reset passwords for other identities in the Operations Support Web Portal.

Synchronization post-processing

Members of the Basic roles | Operations support | Synchronization post-processing application role are authorized to manage objects in the Operations Support Web Portal that were identified as pending during synchronization.

System administrators

Members of the Base roles | Operations support | System administrators application role can start and stop processing of the Job queue and the DBQueue in the Operations Support Web Portal.

Application role for Compliance & Security Officers

NOTE: This application role is available if Attestation Module, Compliance Rules Module, or Company Policies Module is installed.

Compliance and security officers must be assigned to the Identity & Access Governance | Compliance & Security Officer application role.

Users with this application role:

  • View all compliance relevant information and other analysis in the Web Portal. This includes attestation policies, company policies and policy violations, compliance rules, and rule violations and risk index functions.

  • Edit attestation polices.

Application role for auditors

NOTE: This application role is available if Attestation Module, Compliance Rules Module or Company Policies Module is installed.

Auditors are assigned to the Identity & Access Governance | Auditors application role.

Users with this application role:

  • See the Web Portal all the relevant data for an audit.

Application roles for identity audit

NOTE: This application role is available if the Compliance Rules Module is installed.

The following application roles are available for managing compliance rule:

Table 3: Application roles for identity audit
Application role Description

Administrators

Administrators must be assigned to the Identity & Access Governance | Identity Audit | Administrators application role.

Users with this application role:

  • Enter base data for setting up company policies.

  • Create compliance rules and assign rule supervisors to them.

  • Can start rule checking and view rule violations as required.

  • Create reports about rule violations.

  • Enter mitigating controls.

  • Create and edit risk index functions.

  • Monitor Identity Audit functions.

  • Administer application roles for rule supervisors, exception approvers and attestors.

  • Set up other application roles as required.

Rule supervisors

 

Rule supervisors must be assigned to the Identity & Access Governance | Identity Audit | Rule supervisors application role or a child application role.

Users with this application role:

  • Are responsible for compliance rule content, for example, an auditor or a auditing department.

  • Edit the compliance rule working copies, which are assigned to the application role.

  • Enable and disable compliance rules.

  • Can start rule checking and view rule violations as required.

  • Assign mitigating controls.

Exception approvers

 

Administrators must be assigned to the Identity & Access Governance | Identity Audit | Exception approvers application role or a child application role.

Users with this application role:

  • Edit rule violations in the Web Portal.

  • Can grant exception approval or revoke it in the Web Portal.

Attestors

 

Attestors must be assigned to the Identity & Access Governance | Identity Audit | Attestors application role.

Users with this application role:

  • Attest compliance rules and exception approvals in the Web Portal for which they are responsible.

  • Can view main data for these compliance rules but not edit them.

NOTE: This application role is available if the module Attestation Module is installed.

Maintain SAP Functions

Administrators must be assigned to the Identity & Access Governance | Identity Audit | Maintain SAP functions application role or a child application role.

Users with this application role:

  • Are responsible for SAP function contents.

  • Edit working copies of function definitions for which they are responsible.

  • Define function instances and variables sets for SAP functions.

  • Assign mitigating controls.

NOTE: This application role is available if the module SAP R/3 Compliance Add-on Module is installed.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating