Groups map the objects that control access to target system resources in the target systems. A user receives access to target system resources through group memberships and access permissions.
To edit group master data
- OR -
Click in the result list toolbar.
Enter the following master data for a group.
Property | Description |
---|---|
Name | Group name. |
Canonical name | The canonical name is generated automatically and should not be changed. |
Distinguished name | The distinguished name is determined using a template and must not be changed. |
Display name | The display name is used to display the group in the One Identity Manager tools user interface. |
Container | Container in which to create the group. |
Service item | Service item data for requesting the group through the IT Shop. |
Risk index | Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
Category | Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group. |
Description | Spare text box for additional explanation. |
IT Shop | Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles. |
Only for use in IT Shop | Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles. |
Groups can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and groups are assigned to hierarchical roles, such as departments, cost centers, locations or business roles. The groups assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.
If you add an employee to roles and that employee owns a user account in a target system, the user account is added to the group. Prerequisites for indirect assignment of employees to user accounts:
Furthermore, groups can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that groups can be assigned through IT Shop requests. All groups assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.
For more detailed information about inheriting company resources, see the One Identity Manager Identity Management Base Module Administration Guide.
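The indirect assignment described above can be modelled to review which groups a user account ends up in through role membership. This is an added example, not One Identity Manager code: the `Role` and `Group` classes, the per-role `top_down` flag and all sample names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical model for illustration only; not One Identity Manager's schema or API.
@dataclass(frozen=True)
class Group:
    name: str
    target_system: str
    it_shop_only: bool = False      # "Only for use in IT Shop"

@dataclass(eq=False)
class Role:                         # department, cost center, location or business role
    name: str
    parent: "Role | None" = None
    top_down: bool = True           # assumed: direction of inheritance is set per role
    groups: set = field(default_factory=set)

def assign_group(role, group):      # direct assignment to a hierarchical role
    if group.it_shop_only:
        raise ValueError(f"{group.name} may only be requested through the IT Shop")
    role.groups.add(group)

def ancestors(role):
    while role.parent is not None:
        role = role.parent
        yield role

def effective_groups(role, all_roles):
    """Groups a member of `role` receives, given position and inheritance direction."""
    if role.top_down:               # groups flow from parent roles down to this role
        sources = [role, *ancestors(role)]
    else:                           # bottom-up: groups flow from child roles upward
        sources = [role] + [r for r in all_roles if role in ancestors(r)]
    return set().union(*(r.groups for r in sources))

def account_memberships(employee_roles, accounts, all_roles):
    """accounts maps target system -> user account; returns account -> group names."""
    result = {acct: set() for acct in accounts.values()}
    for role in employee_roles:
        for g in effective_groups(role, all_roles):
            acct = accounts.get(g.target_system)
            if acct:                # no account in that target system, no membership
                result[acct].add(g.name)
    return result

def demo():                         # constructed sample data
    corp = Role("Corp"); sales = Role("Sales", corp); emea = Role("Sales EMEA", sales)
    proj = Role("Project X", top_down=False); qa = Role("Project X QA", proj, False)
    for role, name, system in [(corp, "AllStaff", "AD"), (sales, "CRM-Users", "AD"),
                               (sales, "SAP-Sales", "SAP"), (qa, "QA-Tools", "AD")]:
        assign_group(role, Group(name, system))
    return account_memberships([emea, proj], {"AD": "jdoe"}, [corp, sales, emea, proj, qa])
```

In the sample, the employee receives no `SAP-Sales` membership because no user account exists in that target system, and a group flagged as IT Shop only is rejected on direct role assignment.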
Assign a group to departments, cost centers or locations so that the group can be inherited by user accounts through these organizations.
To assign a group to departments, cost centers or locations (non role-based login)
Assign organizations in Add assignments.
- OR -
Remove the organizations from Remove assignments.
To assign groups to a department, cost center or location (role-based login)
- OR -
Select the category Organizations | Cost centers.
- OR -
Select the category Organizations | Locations.
- OR -
Remove assignments to groups in Remove assignments.