Customizing Program Settings
To change the program settings
- Select Database | Settings... from the menu.
| Setting | Meaning | ||||||
|---|---|---|---|---|---|---|---|
|
Automatically close analysis information window on completion |
If this option is set and analyses are predefined, the information window is closed after analysis. If the option is not set, the information window is shown. Close the window using the Finished button. | ||||||
|
Show permissions weighting |
Set this option to also display a weighting for the permissions. | ||||||
|
Role naming template |
Define a template for role names. This is used when to format new role names in predefined analysis methods. The template support following variables:
|
Running an Analysis
To start analyzing with the Analyzer
- Select Start | One Identity | One Identity Manager | .
- Enter the database connection data and the system ID and log onto the program.
- Select an analysis method.
Table 21: Analysis Method Analysis Methods Description Use the wizard to select analysis data
The output is collected with a wizard. For more information, see Selecting Analysis Data with the Wizard.
Active Directory Employee Permissions
Permissions are analyzed of all employees with Active Directory group memberships. For more information, see Predefined Analyzes.
NOTE: Analysis methods are available if Active Directory Module is available. Active Directory Employee Permissions and Departments
Permissions are analyzed of all employees with Active Directory group memberships. Departments with Active Directory groups are also included in the analysis. For more information, see Predefined Analyzes.
NOTE: Analysis methods are available if Active Directory Module is available. - Verify the analysis results. For more information, see Analysis Evaluation.
- Create a new business role if required and assigned employees to them. Add the suggested changes to the One Identity Manager database. For more information, see Transferring Changes.
Selecting Analysis Data with the Wizard
Before you start the analysis, you collect your initial data. The Analyzer accesses all permissions information in its own database and creates a mapping table with employees and their permissions. The result can be suggestions for single roles from analyzing a single application but also cross-system roles from analyzing permissions in several systems.
To select initial data
- Select Select data with wizard on the Analyzer’s start screen.
- Click Start.
- Specify an employee group to analyze. Select one of the following selection methods.
- Structures
Employees can be selected through the organization and business roles contained in One Identity Manager.
- Select the selection method Structures.
- Click Next.
- Select the organization or business role to analyze in the Structures list.
The employees assigned to this structure are displayed in the Employees list. Use the Show directly/indirectly assigned employees buttons in the title bar to filter the employees.
Table 22: Icons for filtering the Employee List Icon Meaning Show indirectly assigned employees. Show directly assigned employees Show employees from child nodes - Click Next.
- Filter wizard
You define a condition which is used to find the employees in the database. The wizard helps you to formulate a condition (where clause) for database queries. The complete database query is composed internally. The database query references the table "Person". For more information about using the wizard, see .One Identity Manager User Guide for One Identity Manager Tools User Interface and Default Functions
- Menu
The list displays all the employees in the One Identity Manager database. Use SHIFT + SELECTION or CTRL + SELECTION to select several employees for analysis.
- Load wizard template
Load an existing configuration. Select the template file and click Open.
- Structures
- Click Next.
- Select the target system whose user accounts and permissions will be included in the analysis. User CTRL + SELECT to multi-select target systems.
- Click Next.
- Specify the analysis methods. The following methods are available.
Table 23: Analysis Method Analysis Methods Description Simple cluster analysis/Complex cluster analysis
Permissions are grouped with new business roles using cluster analysis methods and assigned employees.
The Analyzer supports role mining through two different cluster analysis methods, which differ in the way they calculate the distances between clusters.
Decision hierarchy
Permissions are grouped into new business roles in a decision hierarchy and employees are assigned to it. The number of group members is taken as the decision criteria.
Structure assignment
You may use existing role structure, for example, organizational structures from ERP systems. The use of existing structures, for example, organizational structure from ERP systems, is possible.
Permissions analysis
Employees are analyzed with the help of permissions analysis. Business roles are freely defined and assignments of permissions and employees are evaluated manually based on the existing permissions.
- Click Next.
- (Optional) To reuse the configuration at a later time, set the option Save configuration as template. Select the directory path for saving the file using the file browser and click Save.
- Click Finish to start the analysis.
This loads the data and starts the analysis. The results of the analysis are subsequently displayed. For more information, see Analysis Evaluation.
- Create a new business role if required and assigned employees to them. Add the suggested changes to the One Identity Manager database. For more information, see Transferring Changes.
Predefined Analyzes
|
|
NOTE: Analysis methods are made available when the Active Directory Module is present. |
The following predefined analyses are provided:
- Active Directory Employee Permissions
Permissions are analyzed of all employees with Active Directory group memberships.
- Active Directory Employee Permissions and Departments
Permissions are analyzed of all employees with Active Directory group memberships. Departments with Active Directory groups are also included in the analysis.
To start predefined analysis
- Select Active Directory Employee Permissions or Select Active Directory Employee Permissions and Departments on the Analyzer home tab.
- Click Start.
This loads the analysis data and starts analysis immediately. This may take some time, depending on the amount of data.
Analysis data is displayed depending on the program settings. Click Expand... to see detailed information. Click Finish to close the dialog box. The results of the analysis are subsequently displayed. For more information, see Analysis Evaluation.