
Identity Manager 9.1.2 - Administration Guide for Privileged Account Governance


Creating PAM appliances

NOTE: The Synchronization Editor sets up the appliances in the One Identity Manager database. If necessary, appliances can also be created in the Manager.

To set up an appliance

  1. In the Manager, select the Privileged Account Management > Appliances category.

  2. Click the button for adding a new object in the result list.

  3. On the main data form, edit the main data of the appliance.

  4. Save the changes.

Editing the main data of PAM appliances

To edit the main data of an appliance:

  1. In the Manager, select the Privileged Account Management > Appliances category.

  2. Select the appliance in the result list.

  3. Select the Change main data task.

  4. Edit the main data of the appliance.

  5. Save the changes.

General main data of PAM appliances

On the General tab, you enter the following main data:

Table 20: General main data of an appliance

Property

Description

Appliance

Name of the appliance.

URL

Address (URL) of the PAM web application. This address is required so that PAM users can log in to the PAM system through the Web Portal, for example, to retrieve a requested password or to start a requested session.

Model

Model name of the appliance.

Appliance version

Version number of the appliance.

Network interface X0

IP address of the primary interface of the appliance in IPv4 or IPv6 format.

Network interface X1

IP address of the session module in IPv4 or IPv6 format.

Clustered

Specifies whether the appliance is clustered.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this appliance and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.

User accounts are only linked to the employee (Linked) if no account definition is given. This is the case on initial synchronization, for example.

Target system managers

Application role in which the target system managers for the appliance are defined. Target system managers can only edit the objects of the appliance to which they are assigned, so the role scopes administrative rights to that one appliance. Each appliance can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administering this appliance. Use the add button next to the field to create a new application role.

Synchronized by

Type of synchronization through which data is synchronized between the appliance and One Identity Manager. You can no longer change the synchronization type once objects for this appliance are present in One Identity Manager.

If you create an appliance with the Synchronization Editor, it uses One Identity Manager.

Table 21: Permitted values

Value                  Synchronized by                   Provisioned by
One Identity Manager   One Identity Safeguard connector  One Identity Safeguard connector
No synchronization     none                              none

NOTE: If you select No synchronization, you can define custom processes to exchange data between One Identity Manager and the target system.

Defining categories for the inheritance of PAM user groups

In One Identity Manager, user accounts can selectively inherit user groups. To do this, user groups and user accounts are divided into categories. The categories can be freely chosen and are specified using a mapping rule. Each category is given a specific position within the template. The template contains two tables: the user account table and the group table. In the user account table, specify the categories for target system dependent user accounts; in the group table, specify the categories for target system dependent user groups. Each table contains the category positions 1 to 63.

To define a category

  1. In the Manager, select the appliance in the Privileged Account Management > Appliances category.

  2. Select the Change main data task.

  3. Switch to the Mapping rule category tab.

  4. Extend the relevant roots of the user account table or group table.

  5. To enable the category, double-click the icon in front of the position.

  6. Enter a category name of your choice for user accounts and groups in the login language that you use.

  7. Save the changes.
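The following is an added example, not code from One Identity Manager or this guide. It models what the 63 category positions imply: each object's categories fit in the 63 usable bits of a 64-bit integer, and inheritance can be decided with a bitwise AND. The class and column names, the category names and the matching rule (a user account inherits a group only when the two share at least one category position; an object with no category inherits or is inherited by nothing) are assumptions chosen to illustrate the mechanism, not the product's documented rule; check the "inheritance based on categories" table in the guide for the authoritative behaviour.

```python
"""Bit-mask model of category-based group inheritance (added example).

Assumptions (not from the guide): categories are stored as a bit mask with
position p mapped to bit p-1, and a group is inherited when the account's
mask and the group's mask share at least one set bit.
"""
from dataclasses import dataclass

# Positions 1..63 fit in the 63 non-sign bits of a 64-bit signed integer;
# position 64 would land on the sign bit, which is why the template stops at 63.
MAX_POSITION = 63


def is_valid_position(pos: int) -> bool:
    """True if pos is a usable category position (1-based)."""
    return 1 <= pos <= MAX_POSITION


def category_mask(positions) -> int:
    """Build the bit mask for a set of category positions."""
    mask = 0
    for pos in positions:
        if not is_valid_position(pos):
            raise ValueError(f"category position {pos} outside 1..{MAX_POSITION}")
        mask |= 1 << (pos - 1)
    return mask


def positions_of(mask: int) -> list:
    """Inverse of category_mask: list the enabled positions of a mask."""
    return [i + 1 for i in range(MAX_POSITION) if (mask >> i) & 1]


@dataclass(frozen=True)
class PamUserGroup:          # hypothetical stand-in for a PAM user group
    name: str
    category_mask: int = 0


@dataclass(frozen=True)
class PamUserAccount:        # hypothetical stand-in for a PAM user account
    name: str
    category_mask: int = 0


def inherits(account: PamUserAccount, group: PamUserGroup) -> bool:
    """Assumed rule: inherit only when at least one category position is shared."""
    return (account.category_mask & group.category_mask) != 0


def inherited_groups(account: PamUserAccount, groups) -> list:
    """Names of the groups the account would inherit, sorted for stable output."""
    return sorted(g.name for g in groups if inherits(account, g))


def demo() -> dict:
    """Constructed sample mapping rule and objects; returns account -> inherited groups."""
    ADMIN, SERVICE, STANDARD = 1, 2, 3   # constructed category positions
    groups = [
        PamUserGroup("Safeguard Admins", category_mask([ADMIN])),
        PamUserGroup("All Users", category_mask([ADMIN, STANDARD])),
        PamUserGroup("Service Accounts", category_mask([SERVICE])),
        PamUserGroup("Legacy", 0),       # no category: never inherited under the assumed rule
    ]
    accounts = [
        PamUserAccount("alice", category_mask([ADMIN])),
        PamUserAccount("bob", category_mask([STANDARD])),
        PamUserAccount("svc_backup", category_mask([SERVICE])),
        PamUserAccount("nocat", 0),      # no category: inherits nothing
    ]
    return {a.name: inherited_groups(a, groups) for a in accounts}


if __name__ == "__main__":
    for name, names in demo().items():
        print(f"{name}: {names}")
```

The practical point: a group with no category is invisible to inheritance, and an account with no category inherits nothing, so an appliance where categories are enabled but not assigned consistently silently withholds group membership rather than granting it broadly. Run the script to see which constructed account inherits which constructed group.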