Chat now with support
Chat with Support

Identity Manager 8.0 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee Administration
One Identity Manager Users for Employee Administration Basic Configuration Data for Employees Entering Employee Master Data Employee's Central User Account Employee's Central Password Employee's Default Email Address Disabling and Deleting Employees Assigning Company Resources to Employees Origin of an Employee's Roles and Entitlements Analyzing Role Memberships and Employee Assignments Mapping Multiple Employee Identities Limited Access to One Identity Manager Additional Tasks for Managing Employees Determining an Employee‘s Language Determining an Employee‘s Working Hours Employee Reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration Parameters for Managing Departments, Cost Centers and Locations Appendix: Configuration Parameters for Managing Applications Appendix: Configuration Parameters for Managing Devices and Workdesks Appendix: Authentication Modules for Logging into the One Identity Manager

Mutual Aid for Resetting Passwords

Mutual Aid for Resetting Passwords

Employees can use mutual aid to reset their central password. Prerequisite is the question-answer pair which is stored for changing the central password.

To grant mutual aid

  1. Log on to the Manager
  2. Open you own employee data.
  3. Select Mutual aid - set password in the task view.

    The employee for whom you want to grant mutual and can change their central password on this form.

To change the central password

  1. Enter their central user account under Login name.
  2. Enter the personnel number.

    If there is no personnel number stored with the employee, the field can remain empty.

  3. Click Next.

    The question for the central password appears.

  4. Enter the answer for the central password and click Enable
  5. Enter a new central password and confirm it, then click Save.
Related Topics

Employee's Default Email Address

Table 44: Configuration parameter for the Default Email Address
Configuration parameter Description
QER\Person\DefaultMailDomain

This configuration parameter contains the default mail domain. The value is used to establish an employee's email address.

The employee’s default email address is displayed on the mailboxes in the activated target system. The default installation from the One Identity Manager builds the default email address from the employee’s central user account and the default mail domain of the active target system.

The default mail domain is found in the configuration parameter "QER\Person\DefaultMailDomain".

  • Set the configuration parameter in the Designer and enter the default mail domain name as a value.
Related Topics

Disabling and Deleting Employees

How employees are handled, particularly in the case of permanent or partial withdrawal of an employee, varies between individual companies. There are companies that never delete employees, and only disable them when they leave the company.

The following methods are available in the One Identity Manager standard version:

Temporarily Deactivating Employees

The employee has temporarily left the company and is expected to return at a predefined date. The desired course of action could be to disable the user account and remove all group memberships. Or the user accounts could be deleted and reestablished with the employee’s return, even if it is with a new system identification number (SID).

Temporary disabling of an employee is triggered by:

  • The option Temporary disabled
  • The start and end date for deactivation (Temporary disabled from and Temporary disabled until)

NOTE: Configure and enable the schedule "Lock accounts of employees that have left the company" in the Designer. This schedule checks the start date for disabling and sets the option Temporarily disabled when it is reached.

 NOTE: Configure and enable the schedule "Enable temporarily disabled accounts" in the Designer. This schedule monitors the end date of the disabled period and enables the employee with their user accounts when the date expires. Employee's user accounts that were disabled before the period of temporary absence are also re-enabled once the period has expired.
Related Topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating