Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Custom Target Systems

Managing Custom Target Systems Setting up Script Controlled Data Provisioning in a Custom Target System Base Data for Custom Target Systems Setting up a Custom Target System Container Structures in a Custom Target System User Accounts in a Custom Target System Groups in a Custom Target System Entering Permissions Controls Reports about Custom Target Systems Appendix: Configuration Parameters for Managing Custom Target Systems

Groups in a Custom Target System

Groups in a Custom Target System

Groups map the objects that control access to target system resources in the target systems. A user receives access to target system resources through group memberships and access permissions.

To edit group master data

  1. Select the category Custom target systems | <target system> | Groups.
  2. Select the group in the result list and run Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit a group's master data.
  4. Save the changes.
Detailed information about this topic

Group Master Data

Group Master Data

Enter the following master data for a group.

Table 31: Entering Master Data for a Group

Property

Description

Name

Group name.

Canonical name

The canonical name is generated automatically and should not be changed.

Distinguished name

The distinguished name is determined using a template and must not be changed.

Display name

The display name is used to display the group in the One Identity Manager tools user interface.

Container

Container in which to create the group.

Service item

Service item data for requesting the group through the IT Shop.

Risk index

Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set.

For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Category

 Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group.

Description

Spare text box for additional explanation.

IT Shop

Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles.

Only for use in IT Shop

Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles.

Related Topics
  • Group Inheritance Based on Categories
  • For more detailed information about preparing groups for requesting through the IT Shop, see the One Identity Manager IT Shop Administration Guide.

Assigning Group to User Accounts

Assigning Group to User Accounts

Groups can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and groups are assigned to hierarchical roles, such as , departments, cost centers, locations or business roles. The groups assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.

If you add an employee to roles and that employee owns a user account in a target system, the user account is added to the group. Prerequisites for indirect assignment of employees to user accounts:

  • Direct assignment of employees and groups of custom target systems is permitted for role classes (department, cost center, location or business role).
  • The user accounts are marked with the option Groups can be inherited.

Furthermore, groups can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that groups can be assigned through IT Shop requests. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.

For more detailed information about inheriting company resources, see the One Identity Manager Identity Management Base Module Administration Guide.

Related Topics

Assigning Groups to Departments, Cost Centers and Locations

Assigning Groups to Departments, Cost Centers and Locations

Assign a group to departments, cost centers or locations so that the group can be inherited by user accounts through these organizations.

To assign a group to departments, cost centers or locations (non role-based login)

  1. Select the category Custom target systems | <target system> | Groups.
  2. Select the group in the result list.
  3. Select Assign organizations.

  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.
    • Assign locations on the Locations tab.
    • Assign cost centers on the Cost center tab.

    - OR -

    Remove the organizations from Remove assignments.

  5. Save the changes.

To assign groups to a department, cost center or location (role-based login)

  1. Select the category Organizations | Departments.

    - OR -

    Select the category Organizations | Cost centers.

    - OR -

    Select the category Organizations | Locations.

  2. Select the department, cost center or location in the result list.
  3. Select Assign custom target system groups.
  4. Assign groups in Add assignments.

    - OR -

    Remove assignments to groups in Remove assignments.

  5. Save the changes.
Related Documents