Identity Manager 8.0 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee Administration
One Identity Manager Users for Employee Administration Basic Configuration Data for Employees Entering Employee Master Data Employee's Central User Account Employee's Central Password Employee's Default Email Address Disabling and Deleting Employees Assigning Company Resources to Employees Origin of an Employee's Roles and Entitlements Analyzing Role Memberships and Employee Assignments Mapping Multiple Employee Identities Limited Access to One Identity Manager Additional Tasks for Managing Employees Determining an Employee‘s Language Determining an Employee‘s Working Hours Employee Reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration Parameters for Managing Departments, Cost Centers and Locations Appendix: Configuration Parameters for Managing Applications Appendix: Configuration Parameters for Managing Devices and Workdesks Appendix: Authentication Modules for Logging into the One Identity Manager

Assigning Company Resources to Devices

Assigning Company Resources to Devices

One Identity Manager uses different assignment types to assign company resources.

  • Indirect Assignment

    In the case of indirect assignment of company resources, employees, devices and workdesks are arranged in departments, cost centers, locations, business roles or application roles. The total of assigned company resources for an employee, device or workdesk is calculated from the position within the hierarchies, the direction of inheritance (top-down or bottom-up) and the company resources assigned to these roles. In the Indirect assignment methods a difference between primary and secondary assignment is taken into account.

  • Direct Assignment

    Direct assignment of company resources results from the assignment of a company resource to an employee, device or a workdesk, for example. Direct assignment of company resources makes it easier to react to special requirements.

  • Assigning through Dynamic Roles

    Assignment through dynamic roles is a special case of indirect assignment. Dynamic roles are used to specify role memberships dynamically. Employees, devices and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees, devices or workdesks fulfill these conditions. The means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a department in this way; if an employee leaves the department they immediately lose the resources assigned to them.

The following table shows the possible company resources assignments to devices.

 Note: Company resources are defined in the One Identity Manager modules and are not available until the modules are installed.
Table 59: Possible Assignments of Company Resources to Devices
Company resources Direct assignment permitted Indirect assignment permitted Comment

Active Directory groups

 - +

All Active Directory computers, which reference this device are added to Active Directory groups.

LDAP groups

 - +

All LDAP computers, which reference this device are added to LDAP groups.

 NOTE: Devices also obtain company resources from their workdesks.
Detailed information about this topic
Related Topics

Assigning Devices to Departments, Cost Centers and Locations

Assigning Devices to Departments, Cost Centers and Locations

Assign devices to departments, cost centers and locations so that they obtain company resources through these organizations. To assign company resources to departments, cost centers and locations, use the appropriate organization tasks.

To assign a device to departments, cost centers and locations (secondary assignment; default method)

  1. Select the category Device & Workdesks | Basic configuration data  | <filter>.
  2. Select the device in the result list.
  3. Select Assign organizations.

  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.
    • Assign locations on the Locations tab.
    • Assign cost centers on the Cost center tab.

    - OR -

    Remove the organizations from Remove assignments.

  5. Save the changes.

To assign a device to departments, cost centers and locations (primary assignment)

  1. Select the category Device & Workdesks | Basic configuration data  | <filter>.
  2. Select the device in the result list.
  3. Select Change master data in the task view.
  4. Adjust the following master data:
    • Primary department
    • Primary cost center
    • Primary location
  5. Save the changes.
Related Topics

Assigning Devices to Business Roles

Assigning Devices to Business Roles

Installed Modules: Business Roles Module

Assign devices to business roles such that the devices obtain company resources through these business roles. To assign company resources to business roles user the corresponding business role tasks.

To assign a device to business roles (secondary assignment; default method)

  1. Select the category Devices & Workdesks | <filter>.
  2. Select the device in the result list.
  3. Select Assign business roles in the task view.

  4. Assign business roles in Add assignments.

    - OR -

    Remove business roles from Remove assignments.

  5. Save the changes.

To assign a device to business roles (primary assignment)

  1. Select the category Devices & Workdesks | <filter>.
  2. Select the device in the result list.
  3. Select Change master data in the task view.
  4. Enter the primary role.
  5. Save the changes.
Related Topics

Additional Tasks for Managing Devices

After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.

Related Documents