Entering Employee Master Data
In the One Identity Manager, you can manage master data for company employees as well as external employees. The term ‘employee’ will be used in the following section to describe internal and external employees alike as the master data is the same for both.
Enter employee master data in the One Identity Manager in the category Employees. Employees are filters by different criteria in this category.
Filtering by 'employee' in the navigation view
- Employees
All enabled and temporarily disabled employees.
- Inactive employees
All permanently inactive employees.
- Certification
All employees by certification status.
- Data source
All employees by their import data source.
To edit employee master data
- Select the Employees | Employees.
- Select a employee in the result list and run the task Change master data.
- OR -
Click
in the result list toolbar.
This opens the employee's master data form.
- Edit the employee's master data.
- Save the changes.
Ensure you fill out all compulsory fields when you edit the master data. Certain master data is inherited by the employee user account through templates.
|
|
NOTE: Employee properties loaded from a target system can only be edited to a limited degree in the One Identity Manager. Certain properties are locked due to being the master system. The source from which the employee master data is imported determines which properties are locked. |
Detailed information about this topic
- General Employee Master Data
- Organizational Employee Master Data
- Address Data
- Miscellaneous Employee Master Data
General Employee Master Data
Enter the following general master data for an employee. This data applies to personal and job-related employee data.
|
Property |
Description |
|---|---|
|
First name |
Employee's first name. |
|
Last name |
Employee's last name. |
|
Middle name |
Second middle name. |
|
Form of address |
Employee's form of address. This is automatically set depending on gender. |
|
Title |
Employee's title. |
|
Surname prefix |
Employee's surname prefix, for example "del", "von". |
|
Preferred name |
Employee's preferred name. |
|
Initials |
Employee's initials. These are automatically taken from first and last names. |
|
Gender |
Employee's gender. |
|
Date of birth |
Employee's date of birth. |
|
Name at birth |
Employee's name at date. |
|
Job description |
Description of employee's job within your company. |
|
Generational affix |
Affix, for example, "senior" or "junior". |
|
Language culture |
Language used for sending email notifications to the employee. |
|
Sub-organization |
Note about sub-organizations to which the Employee belongs. |
|
Permanently disabled |
Specifies whether the employee is currently employed by the company. If this option is set, the employee has left the company. All privileges as One Identity Manager user are removed. |
|
Certification status |
Specifies whether the employee master data was approved by the employee’s manager. You can select the following certification statuses:
Certification status is set through certification procedures. |
|
VIP |
Labels the employee as important. |
|
Security risk |
Specifies whether the employee is considered a risk for the company. Depending on how you configure this, you can prevent employees with such labels from inheriting resources and permissions and their user accounts are locked. |
|
No inheritance |
Specifies whether the employee inherits company resources through roles. If this option is set, the employee cannot inherit. Company resources the employee receives through IT Shop requests are not assigned either. Direct assignments remain intact. If the configuration parameter "QER\Attestation\UserApproval" is set, the option is set with respect to the option Disable permanently. If the employee is permanently disabled, the option No inheritance is set through a formatting rule. |
|
External |
Specifies whether the employee is employed internally or externally by your company. If this option is set, the employee is external. External employees are excluded from automatic account definition assignment in the default version of the One Identity Manager. |
|
Company |
Enter a company. Use the |
|
Workdesk |
Employee's workdesk. |
|
Risk index (calculated) |
A risk index is calculated to evaluate the risk of an employee based on their permissions. An employee‘s risk index is determined from the risk indexes of their user accounts. This property is only visible if the configuration parameter "QER\CalculateRiskIndex" is set. |
|
Description |
Spare text box for additional explanation. |
|
Comment |
Spare text box for additional explanation. |
|
Spare fields no. 01.....spare field no. 10 |
Additional company specific information. Use the Designer to customize display names, formats and templates for the input fields. |
Related Topics
- Changing the Certification Status of an Employee
- Permanently Deactivating Employees
- Using Roles to Limit Inheritance
- Business Partners
- How to Set up a Workdesk
Organizational Employee Master Data
Enter the following general master data for an organization.
|
Property |
Description | ||
|---|---|---|---|
|
Personnel number |
Employee's personnel number. | ||
|
Primary department |
Department to which the employee is primary assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured respectively. Furthermore, IT operating data for user accounts and mailboxes can be determined though the department. | ||
|
Primary cost center |
Cost center to which the employee is primary assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured respectively. Furthermore, IT operating data for user accounts and mailboxes can be determined though the cost center. | ||
|
Primary business roles |
Business role to which the employee is assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured respectively. Furthermore, IT operating data for user accounts and mailboxes can be determined though the business role.
| ||
|
Security identification |
Security code for the employee for, for example, access permission. | ||
| User account creation date |
Date on which to create the user account in the target system. This date should be earlier than the entry date. Use custom processes to automatically create user accounts in One Identity Manager on this date. | ||
|
Entry date |
Date the employee started at the company. This is filled with the current date when the employee is added. | ||
|
Leaving date |
Date the employee started at the company. Enter a leaving date for the employee to lock their user account as from a specific point in time. The leaving date is checked regularly by the schedule "Lock accounts of employees that have left the company". When the leaving is met, the employee is blocked. | ||
|
Company member |
Additional information about the employee’s affiliation. | ||
|
Temporarily disabled |
Specifies whether the employee is temporarily absent from the company If this option is set, enter the time period for the temporarily absence. | ||
|
Temporarily disabled from |
Date from which the employee and associated user accounts are disabled. | ||
|
Temporarily disabled until |
Date until which the employee and associated user accounts are disabled. There is a schedule implemented ("Enable temporarily disabled accounts") that monitors the end date of the period of absence. When this date is reached the employee and their user accounts are reenabled. | ||
|
Last working day |
Change the date of the last working day if, for example, an employee leaves the company on a specific day but access to their data should be remain available for longer.
| ||
|
Manager |
Employee’s managers can assume several tasks in One Identity Manager such as
Employee cannot be assigned as their own manager. | ||
|
Sponsor |
When a new employee is added through the Web Portal, you can make additional notes like the manager or sponsor. |
Related Topics
- Preparing Hierarchical Roles for Company Resource Assignments
- Permanently Deactivating Employees
- Temporarily Deactivating Employees
Address Data
Enter the following data for an employee, which describe the employee's location in the company.
|
Property |
Description |
|---|---|
|
Primary location |
Location to which the employee is primary assigned. The employee can obtain company resources through this assignment when One Identity Manager is configured respectively. Furthermore, IT operating data for user accounts and mailboxes can be determined though the location. |
|
Phone |
Employee's telephone number. |
|
Mobile phone |
Employee's mobile number. |
|
Fax |
Employee's fax number. |
|
Display in phone book |
Specifies whether the employee can be shown in the telephone book. |
|
Street |
Street or road. |
|
Building |
Building |
|
Office mailbox |
Office mailbox. |
|
Zip code |
Zip code. |
|
Town |
City. |
|
Country |
Country. You require this to determine the employee’s language and working hours. This data is usually stored with the employee’s location or department data. You can also enter it directly by the employee. |
|
State |
State. You require this to determine the employee’s language and working hours. This data is usually stored with the employee’s location or department data. You can also enter it directly by the employee. |
|
Floor |
Floor. |
|
Room |
Room. |
|
Image |
You can import a picture of the employee into the database. To do this, use the |
button next to the picture box to browse the image to be displayed.Related Topics
- Preparing Hierarchical Roles for Company Resource Assignments
- Determining an Employee‘s Language
- Determining an Employee‘s Working Hours