Identity Manager 8.0 - Administration Guide for Connecting to LDAP

Assigning LDAP User Accounts directly to an LDAP Group

Groups can be assigned directly or indirectly to user accounts. Indirect assignment is carried out by assigning the employee and the groups to company structures, such as departments, cost centers, locations or business roles. If the employee has a user account in LDAP, the groups in the role are inherited by this user account.

To react quickly to special requests, you can assign groups directly to user accounts.

NOTE: User accounts cannot be manually added to dynamic groups. Memberships in a dynamic group are determined through the condition of the dynamic group.

To assign a group directly to user accounts

  1. Select the category LDAP | Groups.
  2. Select the group in the result list.
  3. Select Assign user accounts in the task view.
  4. Assign user accounts in Add assignments.

    - OR -

    Remove user accounts from Remove assignments.

  5. Save the changes.

Assigning LDAP Computers Directly to an LDAP Group

Groups can be assigned directly or indirectly to a computer. Indirect assignment is carried out by assigning the device to which a computer is connected, and the groups, to company structures, such as departments, cost centers, locations or business roles.

To react quickly to special requests, you can assign groups directly to computers.

NOTE: Computers cannot be manually added to dynamic groups. Memberships in a dynamic group are determined through the condition of the dynamic group.

To assign a group directly to computers

  1. Select the category LDAP | Groups.
  2. Select the group in the result list.
  3. Select Assign computers in the task view.
  4. Assign computers in Add assignments.

    - OR -

    Remove the computers in Remove assignments.

  5. Save the changes.

Adding LDAP Groups to System Roles

Installed Modules: System Roles Module

Use this task to add a group to system roles. If you assign a system role to employees, all the employees' user accounts inherit the group.

NOTE: Groups with the option Only use in IT Shop can only be assigned to system roles that also have this option set. For more detailed information, see the One Identity Manager System Roles Administration Guide.

To assign a group to system roles

  1. Select the category LDAP | Groups.
  2. Select the group in the result list.
  3. Select Assign system roles in the task view.
  4. Assign system roles in Add assignments.

    - OR -

    Remove system roles from Remove assignments.

  5. Save the changes.

Adding LDAP Groups to the IT Shop

Once a group has been assigned to an IT Shop shelf, it can be requested by the shop customers. For the group to be requestable, the following prerequisites must also be met.

  • The group must be labeled with the option IT Shop.
  • The group must be assigned to a service item.
  • The group must be labeled with the option Only use in IT Shop if the group can only be assigned to employees through IT Shop requests. Direct assignment to hierarchical roles may not be possible.

NOTE: IT Shop administrators can assign groups to IT Shop shelves in the case of role-based login. Target system administrators are not authorized to add groups in the IT Shop.

To add a group to the IT Shop

  1. Select the category LDAP | Groups (non role-based login).

    - OR -

    Select the category Entitlements | LDAP groups (role-based login).

  2. Select the group in the result list.
  3. Select Add to IT Shop in the task view.
  4. Assign the group to the IT Shop shelves in Add assignments.
  5. Save the changes.

To remove a group from individual IT Shop shelves

  1. Select the category LDAP | Groups (non role-based login).

    - OR -

    Select the category Entitlements | LDAP groups (role-based login).

  2. Select the group in the result list.
  3. Select Add to IT Shop in the task view.
  4. Remove the group from the IT Shop shelves in Remove assignments.
  5. Save the changes.

To remove a group from all IT Shop shelves

  1. Select the category LDAP | Groups (non role-based login).

    - OR -

    Select the category Entitlements | LDAP groups (role-based login).

  2. Select the group in the result list.
  3. Select Remove from all shelves (IT Shop) in the task view.
  4. Confirm the security prompt with Yes.
  5. Click OK.

    This removes the group from all One Identity Manager Service shelves. All requests and assignment requests with this group are canceled in the process.

For more detailed information about requesting company resources through the IT Shop, see the One Identity Manager IT Shop Administration Guide.
