Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Transferring an Administration Role

Transferring an Administration Role

Subject

Transferring an administration role consists in transferring to a user an administration role. The user who transfers his administration role is no longer administrator.

NOTE: For more details on the administration profiles inheritance mechanisms, see Section Administration Role Inheritance.
Before starting
  • The user for which you want to transfer administration role must be created in the directory.
  • To perform this task, you must have at least the following administration role:
    • In classic administration mode: "Authorize propagation of administration rights" and one of the following profiles: "Security object administrator" or "Access administrator" or "Rights administrator".
    • In advanced administration mode, your role must contain the following administration right: "Administration profile: Delegation".

Procedure

  1. In the tree structure of the Directory panel, select the administrator for which you want to transfer the administration role.
  2. In the Administration tab, click Transfer.
    • The user selection window appears.
  1. Select the user for which you want to transfer the administration role of the selected user: use the Browse tab to browse the directory tree structure or use the Search tab to find the user according to its name.
  1. Click OK.
    • The administration role of the administrator is deleted and transferred to the selected user.

Deleting an Administration Role

Deleting an Administration Role

Subject

Deleting an administration role consists in removing the administration role of a user.

NOTE: If the deleted administration role is a parent role, the parent administrator of the deleted administrator becomes the parent administrator.
Before starting

You must be a parent administrator to perform this task.

Procedure

  1. In the tree structure of the Directory panel, select the user for which you want to delete his administration role.
  2. In the Administration tab, click Delete.
    • The administration profile of the user is deleted.

 

Displaying your Administration Role

Displaying your Administration Role

Subject

At any time, you can display your administration role to have more information on your administration profiles (and administration rights, if you are working in advanced administration mode), your administration perimeter, your parent administrator…

Procedure

  1. In the File menu, click Administration Profile/Current profile.
    • The current profile tab appears.

Classic administration mode

Advanced administration mode

  1. From this window, click the wanted tab to display the following information:
    • The Current profile tab appears:
      • Your parent administrator (not defined if this involves the security module or pass-phrase).
      • Your LDAP directory administration perimeter.
      • Your administration profiles.
        In advanced administration mode, the Show rights button allows you to display the administration rights corresponding to the displayed profiles.
    • The Profile propagation tree tab allows you to display your parent administrator and your direct child administrators, if any. As a super administrator, this tab displays all the levels of the propagation tree.
    • The Administered applications tab displays the list of applications for which you have administration rights.
    • The Administered users tab displays the list of users for which you have administration rights.

Modifying the Parent Administrator

Modifying the Parent Administrator

Subject

By default, the administrator who creates an administration profile is the parent administrator of this profile. The following procedure explains how to change the parent administrator.

Before starting

You must be a parent administrator to perform this task.

Procedure

  1. In the tree structure of the Directory panel, select the user for which you want to change the parent administrator.
  2. In the Administration Profile tab, click Set Parent Administrator.
    • The user selection window appears.
  3. Select the new parent administrator: use the Browse tab to browse the directory tree structure or use the Search tab to find the user according to its name.
  4. Click OK.
Related Documents