Deleting an Account Definition
You can delete account definitions if they are not assigned to target systems, employees, hierarchical roles or any other account definitions.
|
|
NOTE: If an account definition is deleted, the user accounts arising from this account definition are deleted. |
To delete an account definition
- Remove automatic assignments of the account definition from all employees.
-
Select the category Unix | Basic configuration data | Account definitions | Account definitions.
- Select an account definition in the result list.
- Select Change master data in the task view.
- Disable the option Automatic assignment to employees on the General tab.
- Save the changes.
-
- Remove direct assignments of the account definition to employees.
-
Select the category Unix | Basic configuration data | Account definitions | Account definitions.
- Select an account definition in the result list.
- Select Assign to employees in the task view.
- Remove employees from Remove assignments.
- Save the changes.
-
- Remove the account definition's assignments to departments, cost centers and locations.
-
Select the category Unix | Basic configuration data | Account definitions | Account definitions.
- Select an account definition in the result list.
- Select Assign organizations.
- Remove the account definition's assignments to departments, cost centers and locations in Remove assignments.
- Save the changes.
-
- Remove the account definition's assignments to business roles.
-
Select the category Unix | Basic configuration data | Account definitions | Account definitions.
- Select an account definition in the result list.
- Select Assign business roles in the task view.
Remove business roles from Remove assignments.
- Save the changes.
-
- If the account definition was requested through the IT Shop, it must be canceled and removed from all IT Shop shelves. For more detailed information, see the .One Identity Manager IT Shop Administration Guide
- Remove the account definition assignment as required account definition for another account definition. As long as the account definition is required for another account definition, it cannot be deleted. Check all the account definitions.
-
Select the category Unix | Basic configuration data | Account definitions | Account definitions.
- Select an account definition in the result list.
- Select Change master data in the task view.
- Remove the account definition from the Required account definition menu.
- Save the changes.
-
- Remove the account definition's assignments to target systems.
- Select the host in the category Unix | Hosts.
- Select Change master data in the task view.
- Remove the assigned account definitions on the General tab.
- Save the changes.
- Delete the account definition.
-
Select the category Unix | Basic configuration data | Account definitions | Account definitions.
- Select an account definition in the result list.
- Click
, to delete the account definition.
-
Password Policies
provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.
Predefined password policies are supplied with the default installation that you can user or customize if required. You can also define your own password policies.
Detailed information about this topic
- Predefined Password Policies
- Editing Password Policies
- Custom Scripts for Password Requirements
- Restricted Passwords
- Testing a Password
- Testing Generating a Password
- Assigning a Password Policy
Predefined Password Policies
You can customize predefined password policies to meet your own requirements, if necessary.
Password for logging into
The password policy " password policy" is used for logging into . This password policy defined the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the access code for a one off log in on the Web Portal (Person.Passcode).
The password policy " password policy" is also labeled as the default and is used when no other password policy is found.
Password policy for forming employees' central passwords
An employee's central password is formed from the target system specific user accounts by respective configuration. The password policy "Employee central password policy" defines the settings for the central password (Person.CentralPassword).
|
|
IMPORTANT: Ensure that the password policy "Employee central password policy" does not violate the target system specific password requirements. |
Password policies for target systems
A predefined password that you can apply to the user account password columns, is provided for every target system.
|
|
NOTE: When you update version 7.x to version 8.0, the configuration parameter settings for forming passwords are passed on to the target system specific password policies. |
|
|
IMPORTANT: If you are not working with target system specific password policies, the default policy applies. In this case, ensure that the password policy " password policy" does not violate the target system requirements. |
The password policy "Unix password policy" is predefined for Unix-based systems. You can apply this password policy to Unix user accounts (UNXUser.Password) of a Unix host.
If the hosts' password requirements differ, it is recommended that you set up your own password policies for each host.
Editing Password Policies
To edit a password policy
-
Select the category Manager | Basic configuration data | Password policies in the Unix.
-
Select the password policy in the result list and select Change master data in the task view.
- OR -
Click
in the result list toolbar.
- Edit the password policy's master data.
- Save the changes.