Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to the Universal Cloud Interface

Managing Universal Cloud Interface Environments Setting up Synchronization with a Cloud Application in the Universal Cloud Interface Base Data for Managing Universal Cloud Interface Cloud Target Systems Container Structures in a Cloud Target System Cloud User Accounts Cloud Groups Cloud Permissions Controls Provisioning Object Changes Reports about Objects in Cloud Target Systems Appendix: Configuration Parameters for Managing Cloud Target Systems Appendix: Default Project Template for Cloud Application in the Universal Cloud Interface

The Provisioning Sequence

The following image show how object changes are provisioned and how the pending changes associated with it are processed. The sequence does no depend on whether the module Cloud System Management and the Universal Cloud Interface are installed in the same or in separate databases.

Figure 3: ProvisioningClosed Sequence for Pending Changes

By default, the Cloud Systems Management module is synchronized hourly with the Universal Cloud Interface. This ensures that the processing state for pending changes is declared promptly in the Cloud Systems Management Module.

Retention Time for Pending Changes

Retention Time for Pending Changes

Table 51: Configuration Parameters
Configuration parameter Effect when Set
QBM\PendingChange\LifeTimeError This configuration parameter specifies the maximum retention period (in days) for failed provisioning processes. Default is 30 days.
QBM\PendingChange\LifeTimeRunning This configuration parameter specifies the maximum retention period (in days) for open provisioning processes. Default is 30 days.
QBM\PendingChange\LifeTimeSuccess This configuration parameter specifies the maximum retention period (in days) for successful provisioning processes. Default is 2 days.

Pending changes are saved for a fixed period. After expiring, the entries in QBMPendingChange and QBMPendingChangeDetail are deleted by the DBQueue Processor. The retention period depends on the status of provisioning processes and can be configured in the configuration parameter.

To configure the retention period for pending changes

  1. To change the retention period for successful provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeSuccess" in the Designer.
  2. To change the retention period for failed provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeError" in the Designer.
  3. To change the retention period for open provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeRunning" in the Designer.
  4. Enter a retention period in days.

Reports about Objects in Cloud Target Systems

Reports about Objects in Cloud Target Systems

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for cloud systems.

NOTE: Other sections may be available depending on the which modules are installed.
Table 52: Reports for the Target SystemClosed

Report

Description

Overview of all Assignments (Cloud target systemClosed)

This report finds all roles containing employees with at least one user account in the selected target system.

Overview of all assignments (Cloud container)

This report finds all roles containing employees with at least one user account in the selected container.

Overview of all assignments (Cloud group)

This report finds all roles containing employees with the selected group.

Show orphaned user accounts

This report shows all user accounts in the target system which are not assigned an employee. The report contains group memberships and risk assessment.

Show employees with multiple user accounts

This report shows all employees with more than one user account in the target system. The report is a risk assessment.

Show unused user accounts

This report shows all user accounts in the target system that have not been used in the last few months. The report contains group memberships and risk assessment.

Show entitlement drifts

This report shows all target system groups, which are the result of manual operations in the target system rather than provisioned through One Identity Manager.

Show user accounts with an above average number of system entitlements

This report contains all user accounts in the target system with an above average number of group memberships.

Cloud target systems user account and group administration

This report contains a summary of user account and group distribution in all cloud target systems. You can find this report in the category My One Identity Manager.

Cloud Target Systems Data Quality Summary

This report contains different evaluations of user account data quality in all cloud target systems. You can find this report in the category My One Identity Manager.

Related Topics

Overview of all Assignments

Overview of all Assignments

The report "Overview of all Assignments" is displayed for certain objects, for example, permissions, compliance rules or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles and IT Shop structures in which there are employee who own the selected base object. In this case, direct as well as indirect base object assignments are included.

Example
  • If the report is created for a resource, all roles are determined in which there are employees with this resource.
  • If the report is created for a group, all roles are determined in which there are employees with this group.
  • If the report is created for a compliance rule, all roles are determined in which there are employees with this compliance rule.
  • If the report is created for a department, all roles are determined in which employees of the selected department are also members.
  • If the report is created for a business role, all roles are determined in which employees of the selected business role are also members.

To display detailed information about assignments

  • To display the report, select the base object from the navigation or the result list and select the report Overview of all assignments.
  • Use the Used by button in the report's toolbar to select the role class (department, location, business role or IT Shop structure) for which you determine if roles exist in which there are employees with the selected base object.

    All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are employees with the selected base object. The meaning of the report control elements is explained in a separate legend. In the report's toolbar, click to open the legend.

  • Double-click a control to show all child roles belonging to the selected role.
  • By clicking the button in a role's control, you display all employees in the role with the base object.
  • Use the small arrow next to to start a wizard that allows you to bookmark this list of employee for tracking. This creates a new business role to which the employees are assigned.

Figure 4: Toolbar for Report "Overview of all assignments"

Table 53: Meaning of Icons in the Report Toolbar
Icon Meaning
Show the legend with the meaning of the report control elements
Saves the current report view as a graphic.
Selects the role class used to generate the report.

Displays all roles or only the affected roles.

Related Documents