Chat now with support
Chat with Support

Identity Manager 9.2.1 - Target System Base Module Administration Guide

Basic mechanisms for identity and user account administration The Unified Namespace

One Identity Manager users for managing target systems in Unified Namespace

The following users are used for managing target systems in the Unified Namespace.

Table 7: Users
Users Tasks

Target system administrators

Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role:

  • Administer application roles for individual target system types.

  • Specify the target system manager.

  • Set up other application roles for target system managers if required.

  • Specify which application roles for target system managers are mutually exclusive.

  • Authorize other identities to be target system administrators.

  • Do not assume any administrative tasks within the target system.

Target system managers

Target system managers must be assigned to the Target systems | Unified Namespace application role or a child application role.

Users with this application role:

  • Obtain view of the objects in the connected target systems across all target systems.

  • Can create reports across all target systems.

If the users are also target system managers of the basic underlying target systems, you can manage these target systems through the Unified Namespace.

One Identity Manager administrators

One Identity Manager administrator and administrative system users Administrative system users are not added to application roles.

One Identity Manager administrators:

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.

Displaying Unified Namespace objects

NOTE: The object properties and assignments cannot be edited in the Unified Namespace. Use the Show base object task to change to the connected target system object. As target system administrator, you can edit the objects of your target system as usual.

To display Unified Namespace objects

  • In the Manager, select the Unified Namespace category.

    User accounts, system entitlements and structure elements of all the connected target systems are displayed hierarchically in the navigation view. This shows the main data and existing assignments of all objects. The object properties and assignments cannot be edited.

Reports about a target system in the Unified Namespace

One Identity Manager supplies various reports with information about a target system mapped in the Unified Namespace.

Table 8: Data quality target system report

Report

Published for

Description

Show overview

User account

This report shows an overview of the user account and the assigned permissions.

Show overview including origin

User account

This report shows an overview of the user account and origin of the assigned permissions.

Show overview including history

User account

This report shows an overview of the user accounts including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts overview (incl. history)

Container

This report shows all the container's user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show system entitlements overview (incl. history)

Container

This report shows the container's system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Overview of all assignments

Container

This report finds all roles containing identities with at least one user account in the selected container.

Overview of all assignments

System entitlement

This report finds all roles containing identities who have the selected system entitlement.

Show overview

System entitlement

This report shows an overview of the system entitlement and its assignments.

Show overview including origin

System entitlement

This report shows an overview of the system entitlement and origin of the assigned user accounts.

Show overview including history

System entitlement

This report shows an overview of the system entitlement and including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show historical memberships

System entitlement

This report shows all identities that are assigned a user account from this system entitlement including the duration of the membership.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show entitlement drifts

Target system

This report shows all system entitlements that are the result of manual operations in the target system rather than provisioned by One Identity Manager.

Show user accounts overview (incl. history)

Target system

This report returns all the user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts with an above average number of system entitlements

Target system

This report contains all user accounts with an above average number of system entitlements.

Show identities with multiple user accounts

Target system

This report shows all the identities that have multiple user accounts. The report contains a risk assessment.

Show system entitlements overview (incl. history)

Target system

This report shows the system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Overview of all assignments

Target system

This report finds all roles containing identities with at least one user account in the selected target system.

Show unused user accounts

Target system

This report contains all user accounts, which have not been used in the last few months.

Show orphaned user accounts

Target system

This report shows all user accounts to which no identity is assigned.

Show user account operations

Target system

This report shows modified user accounts from all target systems for a specific time period.

Reports about all target systems in the Unified Namespace

One Identity Manager supplies various report with information about all the target systems mapped in the Unified Namespace. The data is combined and grouped by target system type.

Table 9: Data quality analysis report
Report Description

Orphaned user accounts in all target systems

This report shows all user accounts to which no identity is assigned. You can find the report in the My One Identity Manager > Data quality analysis category.

Unused user accounts in all target systems

This report contains all user accounts, which have not been used in the last few months. You can find the report in the My One Identity Manager > Data quality analysis category.

System entitlement drifts in all target systems

This report shows all system entitlements that are the result of manual operations in the target system rather than provisioned by One Identity Manager. You can find the report in the My One Identity Manager > Data quality analysis category.

User accounts with an above average number of system entitlements

This report contains all user accounts with an above average number of system entitlements. You can find the report in the My One Identity Manager > Data quality analysis category.

Unified Namespace user account system entitlements distribution

The report shows an overview of the distribution of user accounts and system authorizations in Unified Namespace. You can find the report in the My One Identity Manager > Target system overviews category.

User account operations across all systems

This report shows modified user accounts from all target systems for a specific time period. You can find the report in the My One Identity Manager > Target system overviews category.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating