AdminP Request Master Data
AdminP Request Master Data
Properties of synchronized AdminP requests are displayed in the Manager.
To display the master data of a request document
- Select the category IBM Notes | Hierarchical view | <domain> | Administration requests | <filter> | <object> | <action>.
| Property | Description |
|---|---|
| Action | Action to be executed by the AdminP request. |
| Executing server | Server to execute the request. |
| Target | Name of the object to which the action will be applied. |
| Author | Name of the AdminP request author. |
| Database file | File name of the database to be processed. |
| Approval code | Specifies whether the AdminP request has been approved by an administrator. |
| Change label | Specifies whether the AdminP request was changed. |
To display the master data of an response document
- Select the category IBM Notes | Hierarchical view | <domain> | Administration requests | <filter> | <object> | <action>.
- Select the response document in the result list.
| Property | Description |
|---|---|
| Action | Action that was executed by the AdminP request. |
| request document | Unique ID for the associated request document |
| Target | Name of the object that was processed. |
| Author | Name of the AdminP request author. |
| Executing server | Server that executed the request. |
| Employee on | Creation date of the request. |
| Database file | File name of the database processed. |
| Error code | Specifies whether errors occurred while processing AdminP requests. |
Reports about Notes Domains
Reports about Notes Domains
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects.The following reports are available for Notes domains.
| Report | Description |
|---|---|
| Overview of all assignments (domain) | This report find all roles containing employees with at least one user account in the selected domain. |
| Overview of all assignments (certificate) | The report shows all roles containing employees whose Notes user account was created with the selected certificate. |
| Overview of all assignments (group) | This report finds all roles containing employees with the selected group. |
| Show orphaned user accounts | This report shows all user accounts in the domain, which are not assigned to an employee. The report contains group memberships and risk assessment. |
| Show unused user accounts | This report shows all user accounts in the domain, which have not been used in the last few months. The report contains group memberships and risk assessment. |
| Show entitlement drifts | This report shows all groups in the domain that are the result of manual operations in the target system rather than using the One Identity Manager. |
| Show user accounts with an above average number of system entitlements | This report contains all user accounts in the domain with an above average number of group memberships. |
| Show employees with multiple user accounts | This report shows all employees with more than one Notes user account in the domain. The report contains a risk assessment. |
| IBM Notes user account and group administration | This report contains a summary of user account and group distribution in all Notes domains. You can find the report in the category My One Identity Manager | Target system overviews. |
| Data quality summary for IBM Notes user accounts | This report contains different evaluations of user account data quality in all Notes domains. You can find the report in the category My | Data quality analysisOne Identity Manager. |
Overview of all Assignments
Overview of all Assignments
The report "Overview of all Assignments" is displayed for certain objects, for example, permissions, compliance rules or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles and IT Shop structures in which there are employee who own the selected base object. In this case, direct as well as indirect base object assignments are included.
Example
- If the report is created for a resource, all roles are determined in which there are employees with this resource.
- If the report is created for a group, all roles are determined in which there are employees with this group.
- If the report is created for a compliance rule, all roles are determined in which there are employees with this compliance rule.
- If the report is created for a department, all roles are determined in which employees of the selected department are also members.
- If the report is created for a business role, all roles are determined in which employees of the selected business role are also members.
To display detailed information about assignments
- To display the report, select the base object from the navigation or the result list and select the report Overview of all assignments.
- Use the
Used by button in the report's toolbar to select the role class (department, location, business role or IT Shop structure) for which you determine if roles exist in which there are employees with the selected base object.
All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are employees with the selected base object. The meaning of the report control elements is explained in a separate legend. In the report's toolbar, click
to open the legend.
- Double-click a control to show all child roles belonging to the selected role.
- By clicking the
button in a role's control, you display all employees in the role with the base object.
- Use the small arrow next to
Figure 3: Toolbar for Report "Overview of all assignments"
| Icon | Meaning |
|---|---|
| |
Show the legend with the meaning of the report control elements |
 |
Saves the current report view as a graphic. |
| |
Selects the role class used to generate the report. |
|
|
Displays all roles or only the affected roles. |
Appendix: Configuration Parameters for Synchronization with a Notes Domain
Appendix: Configuration Parameters for Synchronization with a Notes Domain
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
| Configuration parameter | Meaning if Set |
|---|---|
| TargetSystem\NDO | Preprocessor relevant configuration parameter for controlling the database model components for the administration of the target system IBM Notes. If the parameter is set, the target system components are available. Changes to the parameter require recompiling the database. |
| TargetSystem\NDO\Accounts | Parameter for configuring Notes user account data. |
| TargetSystem\NDO\Accounts\InitialRandomPassword |
This configuration parameter specifies whether a random generated password is issued when a new user account is added. The password must contain at least those character sets that are defined in the password policy. |
| TargetSystem\NDO\Accounts\InitialRandomPassword\SendTo | Specifies to which employee the email with the random generated password should be sent (manager cost center/department/location/role, employee’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the configuration parameter "TargetSystem\NDO\DefaultAddress". |
| TargetSystem\NDO\Accounts\InitialRandomPassword\SendTo\MailTemplateAccountName |
This configuration parameter contains the name of the mail template sent to inform users about their initial login data (name of the user account). Use the mail template "Employee - new account created". |
| TargetSystem\NDO\Accounts\InitialRandomPassword\SendTo\MailTemplatePassword |
This configuration parameter contains the name of the mail template sent to inform users about their initial login data (initial password). Use the mail template "Employee - initial password for new user account". |
| TargetSystem\NDO\Accounts\MailTemplateDefaultValues |
This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating a user account. Use the mail template "Employee - new user account with default properties created". |
|
TargetSystem\NDO\BuildShortnameFullSync |
This configuration parameter specifies whether short names are created for employee documents during synchronization, which do not have short names in IBM Notes. If this parameter is set, short names are created. If the parameter is set, short names are created.If not, user accounts without a short name cannot be added to the One Identity Manager database. |
| TargetSystem\NDO\CreateMailDB | This configuration parameter specifies whether the mailbox is created after or while the Notes user is registering with the target system. If the configuration parameter is set, the mailbox is created during registration. This uses the template of the Notes server on which the user is registered.
If the configuration parameter is not set (default), the mailbox is created after the Notes user has registered. This uses the template given in the user account or in the configuration parameter "TargetSystem\NDO\DefTemplatePath". |
| TargetSystem\NDO\DefaultAddress |
The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system. |
| TargetSystem\NDO\DefTemplatePath | Default template for adding the mailbox files on a Notes server. |
| TargetSystem\NDO\DenyAccessGroups | Parameter for configuring the denied access groups for locking user accounts. |
| TargetSystem\NDO\DenyAccessGroups\Memberlimit | Specifies the maximum number of members per denied access group. When this limit is reached, another denied access group is created automatically. |
| TargetSystem\NDO\DenyAccessGroups\Prefix | Prefix used for formatting the group name for a denied access group. |
| TargetSystem\NDO\IsNorthAmerican | Specifies whether the newly created ID files are compatible with the American (US) and Canadian IBM Notes version. If this parameter is set, all new user ID files are calculated with North American encryption strength. |
| TargetSystem\NDO\MailBoxAnonymPre | Prefix for user account anonymity. |
| TargetSystem\NDO\MailFilePath | Directory on the mail server, in which the user account's mailbox files are stored. |
|
TargetSystem\NDO\MaxFullsyncDuration |
This configuration parameter contains the maximum runtime for synchronization. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated. |
| TargetSystem\NDO\MinPasswordLength | Specifies the minimum password length that is set in all newly calculated user ID files. |
|
TargetSystem\NDO\PersonAutoDefault |
This configuration parameter specifies the mode for automatic employee assignment for user accounts added to the database outside synchronization. |
|
TargetSystem\NDO\PersonAutoFullsync |
This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization. |
|
TargetSystem\NDO\PersonExcludeList |
List of all user accounts for which automatic employee assignment should not take place. Names given in a pipe (|) delimited list that is handled as a regular search pattern. |
| TargetSystem\NDO\StoreIDInAddressbook | This configuration parameter control the behavior of ID files for new user accounts. If the configuration parameter is set, the ID files are attached to the employee document. If this configuration parameter is no set, the ID file is stored on the gateway server. |
| TargetSystem\NDO\TempNetworkPath | Temporary directory in which newly created ID files and personal address books are stored. |
| TargetSystem\NDO\UpdateAddressbook | If the configuration is set, entries in the Domino Directory are added when new user ID files are created. |
| TargetSystem\NDO\UserType | This configuration parameter specifies the type of user, which results from registering. |
|
TargetSystem\NDO\VerifyUpdates |
This configuration parameter specifies whether modified properties are checked by updating. If this parameter is set, the objects in the target system are verified after every update. |