If IT operating data changes, you must transfer these changes to the existing user accounts. To do this, templates must be rerun on the affected columns. Before you can run the templates, you can check what the effect of a change to the IT operating data has on the existing user accounts. You can decide whether the change is transferred to the database in the case of each affected column in each affected database.
Prerequisites
- OR -
|
NOTE: If the assignment of an employee |
To execute the template
Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.
This displays a list of all user account, which are created through the selected account definition and whose properties are changed by modifying the IT operating data.
Old value | Current value of the object property. |
New value | Value applied to the object property after modifying the IT operating data. |
Selection | Specifies whether the modification is applied to the user account. |
The templates are applied to all selected user accounts and properties.
Account definitions are assigned to company employees. Indirect assignment is the default method for assigning account definitions to employees. Account definitions are assigned to departments, cost centers, locations or roles. The employees are categorized into these departments, cost centers, locations or roles depending on their function in the company and thus obtain their account definitions. To react quickly to special requests, you can assign individual account definitions directly to employees. You can automatically assign special account definitions to all company employees. It is possible to assign account definitions to the IT Shop as requestable products. A department manager can then request user accounts from the Web Portal for his staff. It is also possible to add account definitions to system roles. These system roles can be assigned to employees through hierarchical roles or directly or added as products in the IT Shop.
In the One Identity Manager default installation, the processes are checked at the start to see if the employee already has a user account in the target system that has an account definition. If no user account exists, a new user account is created with the account definition’s default manage level.
|
Note: If a user account already exists and is disabled, then it is re-enabled. You have to alter the user account manage level afterwards in this case. |
For detailed information about preparing role classes to be assigned, see the One Identity Manager Identity Management Base Module Administration Guide.
To add account definitions to hierarchical roles
Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.
- OR -
Remove the organizations from Remove assignments.
Installed Modules: |
Business Roles Module |
To add account definitions to hierarchical roles
Select the category Active Directory | Basic configuration data | Account definitions | Account definitions.
- OR -
Remove business roles in Remove assignments.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy