Chat now with support
Chat with Support

Identity Manager 8.0 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee Administration
One Identity Manager Users for Employee Administration Basic Configuration Data for Employees Entering Employee Master Data Employee's Central User Account Employee's Central Password Employee's Default Email Address Disabling and Deleting Employees Assigning Company Resources to Employees Origin of an Employee's Roles and Entitlements Analyzing Role Memberships and Employee Assignments Mapping Multiple Employee Identities Limited Access to One Identity Manager Additional Tasks for Managing Employees Determining an Employee‘s Language Determining an Employee‘s Working Hours Employee Reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration Parameters for Managing Departments, Cost Centers and Locations Appendix: Configuration Parameters for Managing Applications Appendix: Configuration Parameters for Managing Devices and Workdesks Appendix: Authentication Modules for Logging into the One Identity Manager

Dynamic Role Overview

Dynamic Role Overview

You can see the most important information about a dynamic role on the overview form.

To obtain an overview of a dynamic role

  1. Select the role for which the dynamic role was created.
  2. Open the role's overview form.
  3. Select the form element "dynamic roles" and click on the dynamic role.
  4. Select Dynamic role overview in the task view.

Start Immediate Recalculation of Role Memberships

Start Immediate Recalculation of Role Memberships

By default, calculation of role membership is controlled with schedules. You can also start the calculation for a single dynamic role immediately and independently of scheduled calculation.

To calculate role membership immediately

  1. Select the role for which the dynamic role was created.
  2. Open the role's overview form.
  3. Select the form element "dynamic roles" and click on the dynamic role.
  4. Select Start recalculation immediately and close the prompt with OK.

    This queues a processing task for the DBQueue Processor in the DBQueue.

Detailed information about this topic

Employee Administration

The main component of One Identity Manager maps employees with their master data and all available company resources. IT resources, such as devices, software and access permissions in various target systems qualify as company resources. Resources such as mobile telephones, company cars or keys can be mapped to employees as well.

Employees obtain company resources according to their function and their position with the company structure. Company structures, such as departments, cost centers and location are also mapped in the One Identity Manager. As are employee memberships in these company structures. Once company resources are assigned to the company structures, they are inherited by all the members. In this way, employees automatically be supplied with all the necessary company resources.

If you manage access permissions on all One Identity Manager tools using application role, you obtain all the information about current access permissions and employee responsibilities with One Identity Manager.

One Identity Manager components for managing employees are available when the configuration parameter "QER/Person" is set.

  • Check whether the configuration parameter is set in the Designer. If not, set the configuration parameter.
Detailed information about this topic

One Identity Manager Users for Employee Administration

One Identity Manager Users for Employee Administration

Following users are used for employee administration.

Table 28: User
User Task

Employee administrators

Employee administrators must be assigned to the application role Identity Management | Employees| Administrators.

Users with this application role:

  • Can edit master data for all employees
  • Can assign a manager.
  • Can assign company resources to employees.
  • Check and authorize employee master data.
  • Create and edit risk index functions.
  • Edit password policies for employee passwords

Employee managers

 

The application Base roles | Employee managers is automatically assigned to a user if the user is a manager or supervisor of employees, departments, locations, cost centers, business roles or IT Shops.

Users with this application role:

  • Can edit master data for the objects they are responsible for and assign company resources to them.
  • Can edit master data for their employees in the Web Portal.
  • Can add their staff members to the IT Shop.
  • Employee and department managers can add new employees in the Web Portal.
  • Can view their staff's compliance rule violations in the Web Portal.

Members of this application role are determined through a dynamic role.

One Identity Manager administrators

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer, as required.
  • Create system users and permissions groups for non-role based login to administration tools, as required.
  • Enable or disable additional configuration parameters in the Designer, as required.
  • Create custom processes in the Designer, as required.
  • Create and configures schedules, as required.
  • Create and configure password policies, as required.
Related Documents