Enter the following master data:
| Property | Description |
|---|---|
|
Distinguished name |
Distinguished name of the group. The distinguished name is determined by template from the name of the group and the container and cannot be edited. |
|
Name |
Group identifier |
|
Display name |
The display name is used to display the group in the One Identity Manager tools user interface. |
|
Domain |
Domain in which to create the group. |
|
Container |
Container in which to create the group. |
| Administrator | The group administrator. |
|
Service item |
Service item data for requesting the group through the IT Shop. |
| Business unit | Business unit to which the group is assigned. |
| See Also | Link to another LDAP object. |
| Structural object class |
Structural object class representing the object type. By default, containers in One Identity Manager are added with the object class "GROUPOFNAMES". |
|
Object class |
List of classes defining the attributes for this object. By default, containers in One Identity Manager are added with the object class "GROUPOFNAMES". However, you can add object classes and auxiliary classes in the input field that are used by other LDAP and X.500 directory services. |
|
Risk index |
Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
|
Category |
Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group. |
|
Description |
Spare text box for additional explanation. |
| Condition | LDAP filter for finding memberships in a dynamic groups. |
| Dynamic group | Specifies whether this is a dynamic group. |
|
IT Shop |
Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles. |
|
Only for use in IT Shop |
Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles. |
You can assign groups directly and indirectly to user account, workdesks and devices. Employees (workdesks, devices) and groups are grouped into hierarchical roles in the case of indirect assignment. The number of groups assigned to an employee (workdesk or device) From the position within the hierarchy and is calculated from the position within the hierarchy and inheritance direction.
If you add an employee to roles and that employee owns a user account, the user account is added to the group. Prerequisites for indirect assignment of employees to user accounts are:
If you add a device to roles, the computer, which references the device, is added to the group. Prerequisites for indirect assignment to computers are:
If a device owns a workdesk and you add the workdesk to roles, the computer, which references this device, is also added to all groups of the workdesk's roles. Prerequisites for indirect assignment to computers through workdesks are:
Furthermore, groups can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that groups can be assigned through IT Shop requests. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.
Assign the group to departments, cost centers and locations so that the group can be assigned to user accounts, contacts and computers through these organizations.
To assign a group to departments, cost centers or locations (non role-based login)
Assign organizations in Add assignments.
- OR -
Remove the organizations from Remove assignments.
To assign groups to a department, cost center or location (role-based login)
- OR -
Select the category Organizations | Cost centers.
- OR -
Select the category Organizations | Locations.
- OR -
Remove assignments to groups in Remove assignments.
| Installed Modules: | Business Roles Module |
Assign the group to business roles so that it is assigned to user accounts, contacts and computers through this business role.
To assign a group to a business role (non role-based login)
Assign business roles in Add assignments.
- OR -
Remove business roles from Remove assignments.
To assign groups to a business role (non role-based login)
- OR -
Remove assignments to groups in Remove assignments.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy
