Chat now with support
Chat with Support

Identity Manager 9.2 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program functions One Identity Manager authentication modules OAuth 2.0/OpenID Connect authentication Multi-factor authentication in One Identity Manager Granular permissions for the SQL Server and database Installing One Identity Redistributable Secure Token Server Preventing blind SQL injection Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Application roles for Application Governance

NOTE: This application role is available if the module Application Governance Module is installed.

Table 15: Application roles for Application Governance
Application role Tasks

Administrators

Administrators must be assigned to the Application Governance | Administrators application role.

Users with this application role:

  • Create new applications in the Web Portal.

  • Manage all applications in the Web Portal.

Owner

The owners of applications must be assigned to the Application Governance | Owners application role.

Users with this application role:

  • Can edit applications in the Web Portal for which you are responsible.

Approver

Approvers must be assigned to the Application Goverance | Approvers application role.

Users with this application role:

  • Approve requests for application products.

Application roles for custom tasks

NOTE: This application role is available if the Identity Management Base Module is installed.

The following application roles are available for customer features and tasks.

Table 16: Application roles for custom tasks
Application role Description

Administrators

Administrators must be assigned to the Custom | Administrators application role.

Users with this application role:

  • Administrate custom application roles.

  • Set up other application roles for managers if required.

Manager/supervisor

Managers must be assigned to the Custom | Managers application role or a child role.

Users with this application role:

  • Add custom task in One Identity Manager.

  • Configure and start synchronization in the Synchronization Editor.

  • Edit the synchronization's target system types as well as outstanding objects in the Manager.

You can use these application roles, for example, to guarantee One Identity Manager user permissions on custom tables or columns. All application roles that you define here must obtain their permissions through custom permissions groups.

Implementing the application roles

IMPORTANT: To use application roles you must add one identity to the Base roles | Administrators application role. This identity is the authorized to assigned administrative One Identity Manager application roles to other identities.

Run this task once.

To initially add an identity to the Base roles | Administrators application role.

  1. Log into the Manager as a non role-based administrative user.

  2. Select the Identities > Identities category.

  3. Select the identity to be assigned to the Base role | Administrators application role.

  4. Select the Authorize as One Identity Manager administrator task.

    The One Identity Manager user with the Base roles | Administrators application role can now add more identities to application roles and edit the application role main data.

NOTE: Once you update the view in the Manager, the Authorize as One Identity Manager administrator task is no longer displayed in the task view. That means that the task can only be run when there are no other identities assigned to this application role.

After you have been working with One Identity Manager for a while, it is possible that no more identities are assigned to the Base roles | Administrators application role. In this case, proceed as described above in order to reassign an identity to this application role.

Related topics

Creating and editing application roles

To set up your first application roles you need to add an identity to the application role Base roles | Administrators. This identity is authorized to add more identities to different administration application roles. For more information, see Implementing the application roles.

Administrators can edit child application roles, set up more application roles and assigned identities.

NOTE: To edit the application role, log on to the Manager using a role-based authentication module.

To edit an application role

  1. In the Manager in the One Identity Manager Administration category, select the Application role.

  2. Select the Change main data task.

  3. Edit the application role's main data.

  4. Save the changes.

To create a new application role

  1. In the Manager in the One Identity Manager Administration category, select the application role under which you want to create a new application role.

  2. Click in the result list.

  3. Enter the application role main data.

  4. Save the changes.

NOTE: You cannot delete default application roles.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating