
Identity Manager 9.2.1 - Identity Management Base Module Administration Guide


Configuration parameters for managing departments, cost centers, and locations

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 65: Configuration parameter

Configuration parameters

Description

QER | Structures

Controls whether hierarchical roles are supported.

QER | Structures | DynamicGroupCheck

Controls generation of calculation tasks for dynamic roles. If the configuration parameter is not set, the subparameters do not apply.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyPerson

If the parameter is set, a calculation task for modifications to identities or identity level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyHardware

If the parameter is set, a calculation task for modifications to devices or device level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyWorkdesk

If the parameter is set, a calculation task for modifications to workdesks or workdesk level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | ExcludeStructures

Preprocessor relevant configuration parameter for defining the effectiveness of role memberships. If this parameter is set, mutually excluding roles can be defined. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | Structures | Inherite | Person

Specifies whether identities inherit through primary assignment.

QER | Structures | Inherite | Person | GroupExclusion

Specifies whether identities inherit assignments from their primary department (Person.UID_Department).

QER | Structures | Inherite | Person | FromLocality

Specifies whether identities inherit assignments from their primary location (Person.UID_Locality).

QER | Structures | Inherite | Person | FromProfitCenter

Specifies whether identities inherit assignments from their primary cost center (Person.UID_ProfitCenter).

QER | Structures | Inherite | Hardware

Specifies whether devices inherit through primary assignment.

QER | Structures | Inherite | Hardware | FromDepartment

Specifies whether devices inherit assignments from their primary department (Hardware.UID_Department).

QER | Structures | Inherite | Hardware | FromLocality

Specifies whether devices inherit assignments from their primary location (Hardware.UID_Locality).

QER | Structures | Inherite | Hardware | FromProfitCenter

Specifies whether devices inherit assignments from their primary department (Hardware.UID_Department).

QER | Structures | Inherite | Workdesk

Specifies whether workdesks inherit through primary assignment.

QER | Structures | Inherite | Workdesk | FromDepartment

Specifies whether workdesks inherit assignments from their primary department (Workdesk.UID_Department).

QER | Structures | Inherite | Workdesk | FromLocality

Specifies whether workdesks inherit assignments from their primary location (Workdesk.UID_Locality).

QER | Structures | Inherite | Workdesk | FromProfitCenter

Specifies whether workdesks inherit assignments from their primary cost center (Workdesk.UID_ProfitCenter).

Configuration parameters for managing identities

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 66: Configuration parameters

Configuration parameter

Description

QER | Person

If this configuration parameter is set, identity administration is supported.

QER | Person | AllowLoginWithSecurityIncident

Specifies whether identities that are classified as security risks are allowed to log in to One Identity Manager.

If the configuration parameter is set, login is possible. If the configuration parameter is not set, identities that are classified as security risks are not allowed to log in (default).

QER | Person | CentralAccountGlobalUnique

Specifies how the central user account is mapped.

If the configuration parameter is set, the central user account name of an identity is made up uniquely with respect to all identity central user accounts and the account names of all permitted target systems. If the configuration parameter is not set, the name is only formed with respect to the central user account of all identities.

QER | Person | DefaultMailDomain

Default mail domain. The value is used to establish an identity's email address.

Person | MasterIdentity | UseMasterForAuthentication

Specifies whether the main identity should be used to log in to One Identity Manager tools using an identity-based authentication module.

If this parameter is set, the main identity is used for identity-based authentication. If this parameter is not set, the subidentity is used for identity-based authentication.

QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery

Specifies whether the password questions used for a successful password reset become invalid afterward.

QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions

Specifies the number of password questions that an identity has to define in order to change their password.

QER | Person | PasswordResetAuthenticator | QueryAnswerRequests

Specifies the number of password questions that an identity has to answer in order to change their password.

QER | Person | PasswordResetAuthenticator | PasscodeSplit

Specifies whether a passcode generated by the help desk is split into two components, one for the help desk and one for the identity's manager.

QER | Person | TemporaryDeactivation

Controls the behavior between identities and user accounts if identities are deactivated.

If the configuration parameter is set, the user accounts of the identity are locked for the period of temporary or permanent disablement. If the configuration parameter is not set, the properties of the associated identity have no influence over the user accounts.

QER | Person | UseCentralPassword

Specifies whether the identity's central password is used in the user accounts. The identity’s central password is automatically mapped to the identity’s user accounts in all permitted target systems. This excludes privileged user accounts, which are not updated.

QER | Person | UseCentralPassword | CheckAllPolicies

Specifies whether an identity's central password is checked against all the target system's password policies of the identity's user accounts. Checking is only carried out in the Password Reset Portal.

QER | Person | UseCentralPassword | SyncToSystemPassword

Specifies whether the identity's central password is copied to the identity's system user password.

QER | Person | UseCentralPassword | SyncToSystemPassword | UnlockByCentralPassword

Specifies whether the identity's system user account is unlocked when the central password is synchronized.

SysConfig

Allows configuration of general system behavior settings.

SysConfig | Display

Allows the configuration of the front-end design.

SysConfig | Display | SourceDetective

Preprocessor relevant configuration parameter for controlling how the source of an identity's entitlements is displayed. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | Person | HideDeactivatedIdentities

Specifies whether deactivated identities are hidden, for example, in menus on forms.

If the configuration parameter is set, activated and deactivated identities are hidden and cannot be assigned. However, deactivated identities that are already assigned are shown. If the configuration parameter is not set, activated and deactivated identities are shown and can be assigned. (Default)

Configuration parameters for managing devices and workdesks

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 67: Configuration parameter

Configuration parameters

Description

Hardware

Preprocessor relevant configuration parameter to control the database model components for device administration. If the parameter is set, the device administration components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Hardware | AssetAccounting

Preprocessor parameter to control the model components for asset accounting. If the parameter is set, asset accounting components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Hardware | Display

Specifies whether the displaying of device properties can be configured.

Hardware | Display | CustomHardwareType

Specifies whether forms customized to the main data are displayed when setting up a new device with the appropriate device model.

Hardware | Display | CustomHardwareType | MobilePhone

Add a device type that represents a mobile phone.

Hardware | Display | CustomHardwareType | Monitor

Add a device type that represents a monitor.

Hardware | Display | CustomHardwareType | PC

Add a device type that represents a PC.

Hardware | Display | CustomHardwareType | Printer

Add a device type that represents a printer.

Hardware | Display | CustomHardwareType | Server

Add a device type that represents a server.

Hardware | Display | CustomHardwareType | Tablet

Add a device type that represents a tablet.

Hardware | Display | DisplayResolutions

Pipe delimited list of all monitor resolutions that are supplied on the device's main data forms.

Hardware | Display | MachineWithRPL

Specifies whether the data for remote booting of workstations and servers can be edited.

Hardware | Workdesk

If this configuration parameter is set, workdesk administration is supported.

Hardware | Workdesk | WorkdeskAuto

Specifies whether an associated workdesk is automatically created when setting up a workstation or server.

Hardware | Workdesk | WorkdeskAutoPerson

If this configuration parameter is set, creating a workdesk automatically creates an associated identity. This identity can be used to make requests for this workstation.
