Assigning Extended Properties
Assigning Extended Properties
Extended properties are meta objects that cannot be mapped directly in the One Identity Manager, for example, operating codes, cost codes or cost accounting areas.
To specify extended properties for a user account
- Select the category SharePoint | User accounts (group authenticated) or SharePoint | User accounts (user authenticated).
- Select the user account in the result list.
- Select Assign extended properties in the task view.
- Assign extended properties in Add assignments.
- OR -
Remove extended properties from Remove assignments.
- Save the changes.
Detailed information about this topic
- One Identity Manager Identity Management Base Module Administration Guide
Using Custom Authentication Modes
Using Custom Authentication Modes
When user accounts are added, the values of various master data are determined using templates. The One Identity Manager tries to identify and classify an authentication object using user account properties during synchronization. To use custom authentication modes the templates of different columns must be modified if necessary. Create custom templates so that authentication modes can be assigned automatically to user accounts and the login names can be correctly formatted.
To use custom authentication modes
- Modify the template for the column SPSUser.UID_SPSAuthSystem (authentication mode) in the Designer.
- Test the template of columns SPSUser.ObjectKeyNamespaceItem (authentication modes) and SPSUser.LoginName (login name) and modify them if necessary.
Detailed information about this topic
- Authentication Modes
- One Identity Manager Configuration Guide
Automatic Assignment of Employees to SharePoint User Accounts
Automatic Assignment of Employees to SharePoint User Accounts
| Configuration parameter | Meaning |
|---|---|
|
TargetSystem\SharePoint\PersonAutoFullSync |
This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization. |
|
TargetSystem\SharePoint\PersonAutoDefault |
This configuration parameter specifies the mode for automatic employee assignment for user accounts added to the database outside synchronization. |
When you add a
If you run this procedure during working hours, automatic assignment of employees to user accounts takes place from that moment onwards. If you disable the procedure again later, the changes only affect user accounts added or updated after this point in time. Existing employee assignment to user accounts remain intact.
|
|
NOTE: It is not recommended to assign employees using automatic employee assignment in the case of administrative user accounts. Use the task Change master data to assign employees to administrative user account for the respective user account. |
Prerequisites:
- The option Group authenticated is not set in the user accounts.
- The user accounts are not assigned an authentication object
Run the following tasks to assign employees automatically.
- If employees can be assigned by user accounts during synchronization, set the parameter "TargetSystem\SharePoint\PersonAutoFullsync" in the Designer and select the mode.
- If employees can be assigned by user accounts during synchronization, set the parameter "TargetSystem\SharePoint\PersonAutoDefault" in the Designer and select the mode.
- Assign an account definition to the site collection. Ensure the manage level to be used is entered as default manage level.
- Define the search criteria for employees assigned to the site collection.
|
|
NOTE: The following applies for synchronization:
The following applies outside synchronization:
|
Detailed information about this topic
- For more information, see the One Identity Manager Target System
An instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Base Module Administration Guide.
Related Topics
- Creating an Account Definition
- Assigning Account Definitions to a Target System
- Editing Search Criteria for Automatic Employee Assignment
Editing Search Criteria for Automatic Employee Assignment
Editing Search Criteria for Automatic Employee Assignment
Criteria for employee assignment are defined in the
Search criteria are evaluated when employees are automatically assigned to user accounts. Furthermore, you can create a suggestion list for assignments of employees to user accounts based on the search criteria and make the assignment directly.
|
|
NOTE: When the employees are assigned to user accounts on the basis of search criteria, user accounts are given the default manage level of the account definition entered in the user account's target system. You can customize user account properties depending on how the behavior of the manage level is defined. It is not recommended to make assignment to administrative user accounts based on search criteria. Use the task Change master data to assign employees to administrative user account for the respective user account. |
|
|
NOTE: One Identity Manager supplies a default mapping for employee assignment. Only carry out the following steps when you want to customize the default mapping. |
To specify criteria for employee assignment
- Select SharePoint | Site collection.
- Select the site collection in the result list.
- Select Define search criteria for employee assignment in the task view.
- Specify which user account properties must match with which employee so that the employee is linked to the user account.
Table 31: Default Search Criteria for User Accounts Apply to Column on Employee Column on User Account User accounts (user authenticated) Central user account (CentralAccount) Login name (LoginName) - Save the changes.
Direct Assignment of Employees to User Accounts Based on a Suggestion List
You can create a suggestion list in the "Assignments" view for assignments of employees to user accounts based on the search criteria. User accounts are grouped in different views for this.
| View | Description |
|---|---|
| Suggested assignments | This view lists all user accounts to which One Identity Manager can assign an employee. All employees are shown who were found using the search criteria and can be assigned. |
| Assigned user accounts | This view lists all user accounts to which an employee is assigned. |
| Without employee assignment | This view lists all user accounts to which no employee is assigned and for which no employee was found using the search criteria. |
|
|
TIP: By double-clicking on an entry in the view, you can view the user account and employee master data. |
To apply search criteria to user accounts
- Click Reload.
All possible assignments based on the search criteria are found in the target system for all user accounts. The three views are updated.
To assign employees directly over a suggestion list
- Click Suggested assignments.
- Click Select for all user accounts to be assigned to the suggested employee. Multi-select is possible.
- Click Assign selected.
- Confirm the security prompt with Yes.
The selected user accounts are assigned to the employees found using the search criteria.
– OR –
- Click No employee assignment.
- Click Select employee... for the user account to which you want to assign the employee. Select an employee from the menu.
- Click Select for all user accounts to which you want to assign the selected employees. Multi-select is possible.
- Click Assign selected.
- Confirm the security prompt with Yes.
This assigns the selected user accounts to the employees shown in the "Employee" column.
To remove assignments
- Click Assigned user accounts.
- Click Select for all user accounts whose employee assignment you want to remove. Multi-select is possible.
- Click Delete selected.
- Confirm the security prompt with Yes.
The assigned employees are deleted from the selected user accounts.