Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Microsoft Exchange

Managing Microsoft Exchange Environments Setting up Microsoft Exchange Synchronization Base Data for Managing Microsoft Exchange Microsoft Exchange Structure Mailboxes E-Mail Users and E-Mail Contacts Mail-enabled Distribution Groups Dynamic Distribution Group Mail-Enabled Public Folder Extensions for Supporting Exchange hybrid Troubleshooting Appendix: Configuration Parameters for Managing a Microsoft Exchange Environment Appendix: Default Project Template for Microsoft Exchange

Base Data for Managing Microsoft Exchange

Base Data for Managing Microsoft Exchange

To manage an Microsoft Exchange environment in One Identity Manager, the following data is relevant.

  • Configuration parameter

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. You can find an overview of all configuration parameters in the category Base data | General | Configuration parameters in the Designer.

    For more information, see Appendix: Configuration Parameters for Managing Microsoft Exchange.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not have a user account in the target system, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism followed by process handling.

    For more information, see Setting Up Account Definitions.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.

    For more information, see Post-Processing Outstanding Objects.

  • Target system managers

    A default application role exists for the target system manager in the One Identity Manager. Assign this application to employees who are authorized to edit the Microsoft Exchange organizations in One Identity Manager.

    Define other application roles, if you want to limit target system managers' access permissions to individual Microsoft Exchange organizations. The application roles must be added under the default application role.

    For more information, see Target System Managers.

Setting Up Account Definitions

One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not have a user account in the target system, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism followed by process handling.

The data for the user accounts in the respective target system comes from the basic employee data. The assignment of the IT operating data to the employee’s user account is controlled through the primary assignment of the employee to a location, a department, a cost center, or a business role (template processing). Processing is done through templates. There are predefined templates for determining the data required for user accounts included in the default installation. You can customize templates as required.

For more details about the basics, see the One Identity Manager Target SystemClosed Base Module Administration Guide.

The following steps are necessary to implement an account definition:

Creating an Account Definition

To create a new account definition

  1. Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.

  2. Select an account definition in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Enter the account definition's master data.
  4. Save the changes.
Detailed information about this topic

Master Data for an Account Definition

Enter the following data for an account definition:

Table 11: Master Data for an Account Definition
Property Description

Account definition

Account definition name.

User account table Table in the One Identity Manager schema which maps user accounts.

Target SystemClosed

Target system to which the account definition applies.

Required account definition

Required account definitions. Define the dependencies between account definitions. When this account definition is requested or assigned, the required account definition is automatically requested or assigned with it.

Enter the account definition of the associated Active Directory domain.

Description

Spare text box for additional explanation.

Manage level (initial)

Manage level to use by default when you add new user accounts.

Risk index

Value for evaluating the risk of account definition assignments to employees. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set.

For more detailed information, see the One Identity Manager Risk Assessment Administration Guide.

Service item

Service item through which you can request the account definition in the IT Shop. Assign an existing service item or add a new one.

IT Shop

Specifies whether the account definition can be requested through the IT Shop. The account definition can be ordered by an employee over the Web Portal and distributed using a defined approval process. The account definition can still be directly assigned to employees and roles outside the IT Shop.

Only for use in IT Shop

Specifies whether the account definition can only be requested through the IT Shop. The account definition can be ordered by an employee over the Web Portal and distributed using a defined approval process. This means, the account definition cannot be directly assigned to roles outside the IT Shop.

Automatic assignment to employees

Specifies whether the account definition is assigned automatically to all internal employees. The account definition is assigned to every employee not marked as external, on saving. New employees automatically obtain this account definition as soon as they are added.

IMPORTANT: Only set this option if you can ensure that all current internal employees in the database and all pending newly added internal employees obtain a user account in this target system.

Disable this option to remove automatic assignment of the account definition to all employees. The account definition cannot be reassigned to employees from this point on. Existing account definition assignments remain intact.

Retain account definition if permanently disabled

Specifies the account definition assignment to permanently disabled employees.

Option set: the account definition assignment remains in effect. The user account stays the same.

Option not set: the account definition assignment is not in effect.The associated user account is deleted.

Retain account definition if temporarily disabled

Specifies the account definition assignment to temporarily disabled employees.

Option set: the account definition assignment remains in effect. The user account stays the same.

Option not set: the account definition assignment is not in effect.The associated user account is deleted.

Retain account definition on deferred deletion

Specifies the account definition assignment on deferred deletion of employees.

Option set: the account definition assignment remains in effect. The user account stays the same.

Option not set: the account definition assignment is not in effect.The associated user account is deleted.

Retain account definition on security risk

Specifies the account definition assignment to employees posing a security risk .

Option set: the account definition assignment remains in effect. The user account stays the same.

Option not set: the account definition assignment is not in effect.The associated user account is deleted.

Resource type

Resource type for grouping account definitions.

Spare field 01 - spare field 10

Additional company specific information. Use the Designer to customize display names, formats and templates for the input fields.

Related Documents