Identity Manager 8.0 - Identity Management Base Module Administration Guide


Entering Employee Master Data

In the One Identity Manager, you can manage master data for company employees as well as external employees. The term ‘employee’ will be used in the following section to describe internal and external employees alike as the master data is the same for both.

Enter employee master data in the One Identity Manager in the category Employees. Employees are filtered by different criteria in this category.

Filtering by 'employee' in the navigation view

  • Employees

    All enabled and temporarily disabled employees.

  • Inactive employees

    All permanently inactive employees.

  • Certification

    All employees by certification status.

  • Data source

    All employees by their import data source.

To edit employee master data

  1. Select Employees | Employees.
  2. Select an employee in the result list and run the task Change master data.

    - OR -

    Click in the result list toolbar.

    This opens the employee's master data form.

  3. Edit the employee's master data.
  4. Save the changes.

Ensure you fill out all compulsory fields when you edit the master data. Certain master data is inherited by the employee user account through templates.

NOTE: Employee properties loaded from a target system can only be edited to a limited degree in the One Identity Manager. Certain properties are locked because the target system is the master system. The source from which the employee master data is imported determines which properties are locked.

General Employee Master Data

Enter the following general master data for an employee. It covers the employee's personal and job-related data.

Table 36: General Master Data

| Property | Description |
|---|---|
| First name | Employee's first name. |
| Last name | Employee's last name. |
| Middle name | Second middle name. |
| Form of address | Employee's form of address. This is automatically set depending on gender. |
| Title | Employee's title. |
| Surname prefix | Employee's surname prefix, for example "del", "von". |
| Preferred name | Employee's preferred name. |
| Initials | Employee's initials. These are automatically taken from first and last names. |
| Gender | Employee's gender. |
| Date of birth | Employee's date of birth. |
| Name at birth | Employee's name at birth. |
| Job description | Description of employee's job within your company. |
| Generational affix | Affix, for example, "senior" or "junior". |
| Language culture | Language used for sending email notifications to the employee. |
| Sub-organization | Note about sub-organizations to which the employee belongs. |
| Permanently disabled | Specifies whether the employee is currently employed by the company. If this option is set, the employee has left the company. All privileges as One Identity Manager user are removed. |
| Certification status | Specifies whether the employee master data was approved by the employee's manager. You can select the following certification statuses: New – The employee was newly added to the One Identity Manager database. Certified – Employee master data was granted approval by the manager. Denied – Employee master data was denied approval by the manager. The employee is permanently disabled. Certification status is set through certification procedures. |
| VIP | Labels the employee as important. |
| Security risk | Specifies whether the employee is considered a risk for the company. Depending on how you configure this, you can prevent employees with this label from inheriting resources and permissions, and lock their user accounts. |
| No inheritance | Specifies whether the employee inherits company resources through roles. If this option is set, the employee cannot inherit. Company resources the employee receives through IT Shop requests are not assigned either. Direct assignments remain intact. If the configuration parameter "QER\Attestation\UserApproval" is set, the option is set with respect to the option Disable permanently. If the employee is permanently disabled, the option No inheritance is set through a formatting rule. |
| External | Specifies whether the employee is employed internally or externally by your company. If this option is set, the employee is external. External employees are excluded from automatic account definition assignment in the default version of the One Identity Manager. |
| Company | Enter a company. Use the button next to the text box to add a new company. |
| Workdesk | Employee's workdesk. |
| Risk index (calculated) | A risk index is calculated to evaluate the risk of an employee based on their permissions. An employee's risk index is determined from the risk indexes of their user accounts. This property is only visible if the configuration parameter "QER\CalculateRiskIndex" is set. |
| Description | Spare text box for additional explanation. |
| Comment | Spare text box for additional explanation. |
| Spare field no. 01 ... Spare field no. 10 | Additional company-specific information. Use the Designer to customize display names, formats and templates for the input fields. |


Organizational Employee Master Data

Enter the following general master data for an organization.

Table 37: Organizational Master Data

| Property | Description |
|---|---|
| Personnel number | Employee's personnel number. |
| Primary department | Department to which the employee is primarily assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured accordingly. Furthermore, IT operating data for user accounts and mailboxes can be determined through the department. |
| Primary cost center | Cost center to which the employee is primarily assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured accordingly. Furthermore, IT operating data for user accounts and mailboxes can be determined through the cost center. |
| Primary business roles | Business role to which the employee is assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured accordingly. Furthermore, IT operating data for user accounts and mailboxes can be determined through the business role. Note: This property is available if the Business Roles Module is installed. |
| Security identification | Security code for the employee, for example, for access permission. |
| User account creation date | Date on which to create the user account in the target system. This date should be earlier than the entry date. Use custom processes to automatically create user accounts in One Identity Manager on this date. |
| Entry date | Date the employee started at the company. This is filled with the current date when the employee is added. |
| Leaving date | Date the employee leaves the company. Enter a leaving date for the employee to lock their user account from a specific point in time. The leaving date is checked regularly by the schedule "Lock accounts of employees that have left the company". When the leaving date is reached, the employee is blocked. |
| Company member | Additional information about the employee's affiliation. |
| Temporarily disabled | Specifies whether the employee is temporarily absent from the company. If this option is set, enter the time period for the temporary absence. |
| Temporarily disabled from | Date from which the employee and associated user accounts are disabled. |
| Temporarily disabled until | Date until which the employee and associated user accounts are disabled. A schedule ("Enable temporarily disabled accounts") monitors the end date of the period of absence. When this date is reached, the employee and their user accounts are re-enabled. |
| Last working day | Change the date of the last working day if, for example, an employee leaves the company on a specific day but access to their data should remain available for longer. NOTE: The date of the last working day is copied to the employee's user accounts as the expiration date. This overwrites the existing account expiration date. |
| Manager | Employee's managers can assume several tasks in One Identity Manager, such as: edit employee master data for their staff; certify employee master data for their staff; attest company resources assigned to their staff; approve requests for their staff in the IT Shop. An employee cannot be assigned as their own manager. |
| Sponsor | When a new employee is added through the Web Portal, you can make additional notes like the manager or sponsor. |
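As an added example (not part of the One Identity Manager documentation or product code), the date-driven rules in Table 37 can be turned into an audit check over an exported list of employees and accounts. The field names, the row layout of the account export and the boundary handling of the dates are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical field names for the properties above, not One Identity Manager columns.
@dataclass
class Employee:
    personnel_no: str
    permanently_disabled: bool = False
    leaving_date: Optional[date] = None
    temp_disabled_from: Optional[date] = None
    temp_disabled_until: Optional[date] = None
    last_working_day: Optional[date] = None

def disable_reason(e: Employee, today: date) -> Optional[str]:
    """Why the employee's accounts should be disabled today, or None."""
    if e.permanently_disabled:
        return "permanently disabled"
    if e.leaving_date and today >= e.leaving_date:  # assumed: met on the date itself
        return "leaving date reached"
    start, end = e.temp_disabled_from, e.temp_disabled_until
    # Assumed: re-enabled on the "until" date; no end date means still absent.
    if start and start <= today and (end is None or today < end):
        return "temporarily disabled"
    return None

def find_drift(employees, accounts, today):
    """accounts: (personnel_no, account_name, enabled, expires) rows from an export."""
    by_no = {e.personnel_no: e for e in employees}
    findings = []
    for no, name, enabled, expires in accounts:
        e = by_no.get(no)
        if e is None:
            findings.append((name, "no employee record"))
            continue
        reason = disable_reason(e, today)
        if reason and enabled:
            findings.append((name, f"still enabled: {reason}"))
        if e.last_working_day and expires != e.last_working_day:
            findings.append((name, "expiration differs from last working day"))
    return findings

# Constructed sample data, not taken from any real system.
EMPLOYEES = [Employee("1001", leaving_date=date(2024, 3, 31)),
             Employee("1002", temp_disabled_from=date(2024, 4, 1),
                      temp_disabled_until=date(2024, 4, 15)),
             Employee("1003", last_working_day=date(2024, 6, 30))]
ACCOUNTS = [("1001", "jdoe", True, None), ("1002", "asmith", True, None),
            ("1003", "mlee", True, date(2024, 12, 31)), ("9999", "svc-old", True, None)]
```

Calling `find_drift(EMPLOYEES, ACCOUNTS, date(2024, 4, 10))` reports the leaver and the absent employee whose accounts are still enabled, the expiration mismatch, and the account with no matching employee.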


Address Data

Enter the following data for an employee, which describes the employee's location in the company.

Table 38: Address data

| Property | Description |
|---|---|
| Primary location | Location to which the employee is primarily assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured accordingly. Furthermore, IT operating data for user accounts and mailboxes can be determined through the location. |
| Phone | Employee's telephone number. |
| Mobile phone | Employee's mobile number. |
| Fax | Employee's fax number. |
| Display in phone book | Specifies whether the employee can be shown in the telephone book. |
| Street | Street or road. |
| Building | Building. |
| Office mailbox | Office mailbox. |
| Zip code | Zip code. |
| Town | City. |
| Country | Country. You require this to determine the employee's language and working hours. This data is usually stored with the employee's location or department data. You can also enter it directly for the employee. |
| State | State. You require this to determine the employee's language and working hours. This data is usually stored with the employee's location or department data. You can also enter it directly for the employee. |
| Floor | Floor. |
| Room | Room. |
| Image | You can import a picture of the employee into the database. To do this, use the button next to the picture box to browse to the image to be displayed. |
