
Identity Manager 9.1.3 - Identity Management Base Module Administration Guide


Configuration parameters for managing departments, cost centers, and locations

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 68: Configuration parameter
Configuration parameters

Description

QER | Structures

Controls whether hierarchical roles are supported.

QER | Structures | DynamicGroupCheck

Controls generation of calculation tasks for dynamic roles. If the configuration parameter is not set, the subparameters do not apply.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyPerson

If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyHardware

If the parameter is set, a calculation task for modifications to devices or device level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyWorkdesk

If the parameter is set, a calculation task for modifications to workdesks or workdesk level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | ExcludeStructures

Preprocessor relevant configuration parameter for defining the effectiveness of role memberships. If this parameter is set, mutually excluding roles can be defined. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | Structures | Inherite | Employee

Determines whether employees inherit through primary assignment.

QER | Structures | Inherite | Employee | GroupExclusion

Specifies whether employees inherit assignments from their primary department (Person.UID_Department).

QER | Structures | Inherite | Employee | FromLocality

Specifies whether employees inherit assignments from their primary location (Person.UID_Locality).

QER | Structures | Inherite | Employee | FromProfitCenter

Specifies whether employees inherit assignments from their primary cost center (Person.UID_ProfitCenter).

QER | Structures | Inherite | Hardware

Determines whether devices inherit through primary assignment.

QER | Structures | Inherite | Hardware | FromDepartment

Specifies whether devices inherit assignments from their primary department (Hardware.UID_Department).

QER | Structures | Inherite | Hardware | FromLocality

Specifies whether devices inherit assignments from their primary location (Hardware.UID_Locality).

QER | Structures | Inherite | Hardware | FromProfitCenter

Specifies whether devices inherit assignments from their primary cost center (Hardware.UID_ProfitCenter).

QER | Structures | Inherite | Workdesk

Determines whether workdesks inherit through primary assignment.

QER | Structures | Inherite | Workdesk | FromDepartment

Specifies whether workdesks inherit assignments from their primary department (Workdesk.UID_Department).

QER | Structures | Inherite | Workdesk | FromLocality

Specifies whether workdesks inherit assignments from their primary location (Workdesk.UID_Locality).

QER | Structures | Inherite | Workdesk | FromProfitCenter

Specifies whether workdesks inherit assignments from their primary cost center (Workdesk.UID_ProfitCenter).

Configuration parameters for managing employees

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 69: Configuration parameters

Configuration parameter

Description

QER | Person

If this configuration parameter is set, employee administration is supported.

QER | Person | AllowLoginWithSecurityIncident

Specifies whether employees who are classified as security risks are allowed to log in to One Identity Manager.

If the configuration parameter is set, login is possible.

If the configuration parameter is not set, employees who are classified as security risks are not allowed to log in (default).

QER | Person | CentralAccountGlobalUnique

Specifies how the central user account is mapped.

If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems.

If the configuration parameter is not set, it is only formed uniquely related to the central user accounts of all employees.

QER | Person | DefaultMailDomain

Default mail domain. The value is used to establish an employee's email address.

Person | MasterIdentity | UseMasterForAuthentication

Specifies whether the main identity should be used to log in to One Identity Manager tools using an employee-linked authentication module.

If this parameter is set, the main identity is used for employee-linked authentication. If the parameter is not set, the subidentity for employee-linked authentication is used.

QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery

Specifies whether the password questions used for a successful password reset become invalid afterward.

QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions

Specifies the number of password questions that an employee has to define in order to change their password.

QER | Person | PasswordResetAuthenticator | QueryAnswerRequests

Specifies the number of password questions that an employee has to answer in order to change their password.

QER | Person | PasswordResetAuthenticator | PasscodeSplit

Specifies whether a passcode generated by the help desk is split into two components, one for the help desk and one for the employee's manager.

QER | Person | TemporaryDeactivation

Controls the behavior between employees and user accounts if employees are temporarily deactivated.

If the configuration parameter is set, the employee's user accounts are locked if the employee is permanently or temporarily disabled.

If the configuration parameter is not set, the employee's properties do not have any effect on the associated user accounts.

QER | Person | UseCentralPassword

Specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated.

QER | Person | UseCentralPassword | CheckAllPolicies

Specifies whether an employee's central password is checked against all the target system's password policies of the employee's user accounts. Checking is only carried out in the Password Reset Portal.

QER | Person | UseCentralPassword | SyncToSystemPassword

Specifies whether the employee's central password is copied to the employee's system user password.

QER | Person | UseCentralPassword | SyncToSystemPassword | UnlockByCentralPassword

Specifies whether the employee's system user account is unlocked when the central password is synchronized.

SysConfig

Allows configuration of general system behavior settings.

SysConfig | Display

Allows the configuration of the front-end design.

SysConfig | Display | SourceDetective

Preprocessor relevant configuration parameter for controlling how the source of an employee's entitlements is displayed. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Configuration parameters for managing devices and workdesks

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 70: Configuration parameter

Configuration parameters

Description

Hardware

Preprocessor relevant configuration parameter to control the database model components for device administration. If the parameter is set, the device administration components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Hardware | AssetAccounting

Preprocessor parameter to control the model components for asset accounting. If the parameter is set, asset accounting components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Hardware | Display

Specifies whether the displaying of device properties can be configured.

Hardware | Display | CustomHardwareType

Specifies whether forms customized to the main data are displayed when setting up a new device with the appropriate device model.

Hardware | Display | CustomHardwareType | MobilePhone

Add a device type that represents a mobile phone.

Hardware | Display | CustomHardwareType | Monitor

Add a device type that represents a monitor.

Hardware | Display | CustomHardwareType | PC

Add a device type that represents a PC.

Hardware | Display | CustomHardwareType | Printer

Add a device type that represents a printer.

Hardware | Display | CustomHardwareType | Server

Add a device type that represents a server.

Hardware | Display | CustomHardwareType | Tablet

Add a device type that represents a tablet.

Hardware | Display | DisplayResolutions

Pipe delimited list of all monitor resolutions that are supplied on the device's main data forms.

Hardware | Display | MachineWithRPL

Specifies whether the data for remote booting of workstations and servers can be edited.

Hardware | Workdesk

If this configuration parameter is set, workdesk administration is supported.

Hardware | Workdesk | WorkdeskAuto

Specifies whether an associated workdesk is automatically created when setting up a workstation or server.

Hardware | Workdesk | WorkdeskAutoPerson

If this configuration parameter is set, creating a workdesk automatically creates an associated employee object. This employee object can be used to make requests for this workstation.
