Configuration parameter | Meaning |
---|---|
QER\Person\TemporaryDeactivation | This configuration parameter specifies whether user accounts for an employee are locked if the employee is temporarily or permanently disabled. |
The way you
User accounts managed through account definitions are
User accounts managed through user account definitions are
To lock a user account when the configuration parameter is disabled
To lock a user account, which is not linked to an employee
For more detailed information about deactivating and deleting employees and user accounts, see the One Identity Manager Target System Base Module Administration Guide.
You can delete a user account from the result list or the menu bar. After the deletion has been confirmed, the user account is deleted from the One Identity Manager database.
By default, user accounts are permanently deleted from the database after 30 days. During this period, you can reactivate the user accounts. Once the deletion delay has expired, they cannot be restored. You can configure a different deletion delay on the CSMUser table in the Designer.
To delete a user account
Once you have deleted a user account, it is also deleted in the Universal Cloud Interface Module through the provisioning process and then in the cloud application. The deletion is logged as a pending change. You can see whether the user account has been deleted in the cloud application from the process status for the pending change. The same applies if memberships of user accounts in groups are deleted.
User accounts are not allowed to be deleted in certain cloud applications. These user accounts cannot be deleted in the Manager, only disabled. You can configure the appropriate behavior in the cloud target system.
To prevent user accounts from being deleted
Groups map the objects that control access to cloud resources through the cloud application. A user account obtains access permissions to cloud resources through its group memberships.
To edit group master data
- OR -
Click in the result list toolbar.
Configuration parameter | Active Meaning |
---|---|
QER\CalculateRiskIndex | Preprocessor-relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database. If the parameter is set, values can be entered and calculated for the risk index. |
Enter the following master data for a group.
Property | Description |
---|---|
Name | Group identifier |
Container | Container in which to create the group. |
Target System | The group's cloud target system |
Distinguished name | Distinguished name of the group. |
Display name | The display name is used to display the group in the One Identity Manager tools user interface. |
Group name | Additional name for the group. |
Email address | Group's email address |
Account manager | Manager responsible for the group. To specify an account manager |
IT Shop | Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles. For more detailed information, see the One Identity Manager IT Shop Administration Guide. |
Only for use in IT Shop | Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles. |
Service item | Service item data for requesting the group through the IT Shop. |
Risk index | Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. For more detailed information, see the One Identity Manager Risk Assessment Administration Guide. |
Notes category | Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group. For more detailed information, see the One Identity Manager Target System Base Module Administration Guide. |
Description | Spare text box for additional explanation. |
Group type | Name of the group type. This is only required if different group types are recognized in the cloud application. |
Resource type | Type of resource, for example, Group. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED.