Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to IBM Notes

Managing IBM Notes Environments Setting up IBM Notes Synchronization Basic Configuration Data Notes Domains Notes Certificates Notes Templates Notes Policies Notes User Accounts Notes Groups Mail-In Databases Notes Servers Using AdminP Requests for Handling IBM Notes Processes Reports about Notes Domains Appendix: Configuration Parameters for Synchronization with a Notes Domain Appendix: Default Project Template for IBM Notes

Assigning Administrators

Assigning Administrators

Specify which user accounts and groups are allowed to administrate the selected user account.

To specify user accounts as administrators

  1. Select the category IBM Notes | User accounts.
  2. Select the user account in the result list.
  3. Select Assign administrators in the task view.
  4. Select the User tab.
  5. Assign user accounts in Add assignments.

    - OR -

    Remove user accounts in Remove assignments.

  6. Save the changes.

To specify groups as administrators

  1. Select the category IBM Notes | User accounts.
  2. Select the user account in the result list.
  3. Select Assign administrators in the task view.
  4. Select the Groups tab.
  5. Assign groups in Add assignments.

    - OR -

    Remove groups in Remove assignments.

  6. Save the changes.

Maintaining Additional and Excluded Lists

Maintaining Additional and Excluded Lists

Use this task to add the user account to additional and excluded lists for dynamic groups.

To add a user account to a dynamic group's additional list

  1. Select the category IBM Notes | User accounts.
  2. Select the user account in the result list.
  3. Select Maintain excluded and additional in the task view.
  4. Select the Additional tab.
  5. Assign the groups in whose additional list the user account is to be a member in Add assignments.

    - OR -

    Remove groups in Remove assignments.

  6. Save the changes.

To add a user account to a dynamic group's excluded list

  1. Select the category IBM Notes | User accounts.
  2. Select the user account in the result list.
  3. Select Maintain excluded and additional in the task view.
  4. Select the Excluded tab.
  5. Assign the groups in whose excluded list the user account is to be a member in Add assignments.

    - OR -

    Remove groups in Remove assignments.

  6. Save the changes.
Related Topics

Assigning Extended Properties

Assigning Extended Properties

Extended properties are meta objects that cannot be mapped directly in the One Identity Manager, for example, operating codes, cost codes or cost accounting areas.

To specify extended properties for a user account

  1. Select the category IBM Notes | User accounts.
  2. Select the user account in the result list.
  3. Select Assign extended properties in the task view.
  4. Assign extended properties in Add assignments.

    - OR -

    Remove extended properties from Remove assignments.

  5. Save the changes.

For more detailed information about setting up extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Automatic Assignment of Employees to User Accounts

Automatic Assignment of Employees to User Accounts

Table 42: Configuration Parameters for Synchronizing a Notes Domain
Configuration parameter Meaning

TargetSystem\NDO\PersonAutoFullsync

This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization.

TargetSystem\NDO\PersonAutoDefault

This configuration parameter specifies the mode for automatic employee assignment for user accounts added to the database outside synchronization.

TargetSystem\NDO\PersonExcludeList

List of all user accounts for which automatic employee assignment should not take place. Names given in a pipe (|) delimited list that is handled as a regular search pattern.

When you add a user account, an existing employee can be assigned automatically or added if necessary. In the process, the employee master data is created based for existing user master data. This mechanism can follow on after a new user account has been created manually or through synchronization. Define criteria for finding employees to apply to automatic employee assignment. If a user account is linked to an employee through the current mode, the user account is given, through an internal process, the default manage level of the account definition entered in the user account's target system. You can customize user account properties depending on how the behavior of the manage level is defined.

If you run this procedure during working hours, automatic assignment of employees to user accounts takes place from that moment onwards. If you disable the procedure again later, the changes only affect user accounts added or updated after this point in time. Existing employee assignment to user accounts remain intact.

NOTE: It is not recommended to assign employees using automatic employee assignment in the case of administrative user accounts. Use the task Change master data to assign employees to administrative user account for the respective user account.

Run the following tasks to assign employees automatically.

  • If employees can be assigned by user accounts during synchronization, set the parameter "TargetSystem\NDO\PersonAutoFullsync" in the Designer and select the required mode.
  • If employees can be assigned by user accounts outside synchronization, set the parameter "TargetSystem\NDO\PersonAutoDefault" in the Designer and select the required mode.
  • Specify the user accounts in the configuration parameter "TargetSystem\NDO\PersonExcludeList" which must not be assigned automatically to employees.

    Example:

    Administrator

  • Assign an account definition to the domain. Ensure the manage level to be used is entered as default manage level.
  • Define the search criteria for employees assigned to the domain.

NOTE:

The following applies for synchronization:

  • Automatic employee assignment takes effect if user accounts are added or updated.

The following applies outside synchronization:

  • Automatic employee assignment takes effect if user accounts are added.

NOTE: Following synchronization, employees are automatically created for user accounts in the default installation. If there are no account definitions for the domain at the time of synchronization, user accounts are linked to employees. However, account definitions are not assigned. The user accounts are, therefore, in a "Linked" state.

To select user accounts through account definitions

  1. Create an account definition.
  2. Assign an account definition to the domain.
  3. Assign the account definition and manage level to the user accounts in a "linked" state.
    1. Select the category IBM Notes | User accounts | Linked but not configured | <Domain>.
    2. Select the task Assign account definition to linked accounts.

For more detailed information about assigning employees automatically, see the One Identity Manager Target SystemClosed Base Module Administration Guide.

Related Topics
Related Documents