Miscellaneous Employee Master Data
Miscellaneous Employee Master Data
Enter the following general master data for an employee. This data applies to the target system login, identities, One Identity Manager login data and employee import data.
|
Property |
Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Central user account |
One Identity Manager user identifier. In the One Identity Manager default installation, the central user account is made up of the first and the last name of the employee. An employee’s central user account affects the composition of user accounts in each target system. The central user account is still used for logging into the One Identity Manager tools. | ||||||||||||||
|
Central SAP user account |
Name used to form the user account name in the SAP R/3 target system. In the One Identity Manager default installation, the central user account is made up of the first and the last name of the employee.
| ||||||||||||||
|
Central password and password confirmation |
Password for logging in to the target system. An employee's central password is formed from the target system specific user accounts by respective configuration. | ||||||||||||||
|
Query and reply for central password |
Question-answer combination to be used with mutual aid to reset the employee's central password. | ||||||||||||||
|
Default email address |
The default email address is used to setup mail boxes for an employee in separate target systems. This data is absolutely necessary for automatically creating mailboxes. In the default version of the One Identity Manager, the default email address is composed of the employee’s central user account and the default mail domain of the active target system. | ||||||||||||||
|
Identity |
Employee's identity type.
| ||||||||||||||
|
Main identity |
Allocate a main identity here if the employee is managed as a sub-identity in the One Identity Manager. A subidentity allows you to set up special cases in One Identity Manager. If an employee has several user accounts in one target system that must be assigned to different groups, create a separate subidentity for each user account with a link to the main identity. | ||||||||||||||
|
Dummy employee |
You can use a dummy employee for maintaining identities for test or training purposes in order to treat them as identities but referring to a special status. | ||||||||||||||
|
Actual employee |
Assign the dummy employee to an existing employee. | ||||||||||||||
|
X500 dummy |
Specifies whether the employee is managed as an X500 dummy in the One Identity Manager. If an employee has several X500 entries that differ in properties, you can also use a "Dummy" employee. Label the employee with the option X500 dummy in this case and configure a link to the real X500 employee. | ||||||||||||||
|
X500 person |
Assign the X500 dummy employee to an existing employee. | ||||||||||||||
| Starling 2FA user ID | User ID for multi-factor authentication. For more detailed information about multi-factor authentication, see the One Identity Manager IT Shop Administration Guide. | ||||||||||||||
|
System user |
System user with which the employee can log in to the One Identity Manager administration tools. The login data is analyzed by the authentication module in use. | ||||||||||||||
| Logins | Logins with which the employee can log in to the One Identity Manager administration tools. Enter the login in the form: Domain\User. This information is required if the authentication modules "user account" or "user account (role-based) are used for logging in to One Identity Manager tools. | ||||||||||||||
|
Password and password confirmation |
Password with which the employee logs in to the One Identity Manager tools. | ||||||||||||||
|
User account name (mainframe) |
If an employee is permitted access to the mainframe with their user account, enter the login name here. | ||||||||||||||
|
Notebook user |
Just for information. | ||||||||||||||
|
Company car |
Just for information. | ||||||||||||||
|
Login permitted on terminal server |
Specifies whether this employee is permitted to log in on the terminal server with their user account. | ||||||||||||||
|
Remote access permitted |
Specifies whether the employee can dial into the network with their user account. | ||||||||||||||
|
Import data source |
Target system or data source respectively, from which the employee was imported. This property is also set by scripts for automatically assigning employees to user accounts. | ||||||||||||||
|
Distinguished name |
Distinguished name of the imported employee. This property should be set by the import. | ||||||||||||||
|
Canonical name |
Fully qualified name of the imported employee. This property should be set by the import. |
Related Topics
- Employee's Central User Account
- Employee's Central Password
- Change Password Question
- Employee's Default Email Address
- Mapping Multiple Employee Identities
- Appendix: Authentication Modules for Logging into the One Identity Manager
Employee's Central User Account
Employee's Central User Account
| Configuration Parameter | Meaning |
|---|---|
|
QER\Person\CentralAccountGlobalUnique |
This configuration parameter specifies how the central user account is mapped. If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems. If the configuration parameter is not set, it is only formed uniquely related to the central user accounts of all employees. |
The employee’s central user account is used to form the user account login name in the active system. The central user account is still used for logging into the One Identity Manager tools. In the One Identity Manager default installation, the central user account is made up of the first and the last name of the employee. If only one of these is known, then it is used for the central user account. The One Identity Manager checks to see if a central user account with that value already exists. If this is the case, an incremental number is added to the end of the value.
| First name | Last name | Central user account |
|---|---|---|
| Clara | CLARA | |
| Harris | HARRIS | |
| Clara | Harris | CLARAH |
| Clara | Harrison | CLARAH1 |
Employee's Central Password
| Configuration parameter | Active Meaning |
|---|---|
|
QER\Person\UseCentralPassword |
This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated. |
|
QER\Person\UseCentralPassword\PermanentStore |
This configuration parameter controls the storage period for central passwords. If the parameter is set, the employee’s central password is permanently stored. If the parameter is not set, the central password is only used for publishing to existing target system specific user accounts and is subsequently deleted from the One Identity Manager database. |
The central password can be used to log on to target systems. The behavior for this is controlled by the following configuration parameters.
- Set the configuration parameter "QER\Person\UseCentralPassword" in the Designer.
If the configuration parameter "QER\Person\UseCentralPassword" is set, the employee's central password is automatically mapped to an employee's user account in each of the target systems. This excludes privileged user accounts, which are not updated.
- Use the configuration parameter "QER\Person\UseCentralPassword\PermanentStore" in the Designer to specify whether an employee’s central password is permanently saved in the One Identity Manager database or only until the password has been published in the target system.
The password policy "Employee central password policy" is used to format the central password.
|
|
IMPORTANT: Ensure that the password policy "Employee central password policy" does not violate the target system specific password requirements. |
Related Topics
Change Password Question
Change Password Question
Employees can use mutual aid to reset their central password. Prerequisite is a question-answer pair which is stored for changing the central password.
To enter a question-answer combination
- Log on to the Manager
- Open you own employee data.
- Select Change security question in the task view.
- Confirm the security prompt with OK.
- Enter a question and a reply.
|
|
IMPORTANT: Make a note of your reply. You need this if you want to reset you central password using mutual aid. |