
Identity Manager 8.0 - Identity Management Base Module Administration Guide


One Identity Manager Users for Organizations

The following users are used for the administration of departments, cost centers and locations.

Table 5: Users

User

Task

Administrators for organizations

Administrators must be assigned to the application role Identity Management | Organizations | Administrators.

Users with this application role:

  • Set up and edit departments, cost centers and locations.
  • Assign company resources to departments, cost centers and locations.
  • Administrate application roles for role approvers, role approvers (IT) and attestors.
  • Set up other application roles as required.

One Identity Manager administrators

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer, as required.
  • Create system users and permissions groups for non-role based login to administration tools, as required.
  • Enable or disable additional configuration parameters in the Designer, as required.
  • Create custom processes in the Designer, as required.
  • Create and configure schedules, as required.
  • Create and configure password policies, as required.

Attestors for organizations

Attestors must be assigned to the application role Identity Management | Organizations | Attestors or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to departments, cost centers and locations for which they are responsible.
  • Can view master data for departments, cost centers and locations but cannot edit them.

Note: This application role is available if the Attestation Module is installed.

Approvers for organizations

Approvers must be assigned to the application role Identity Management | Organizations | Approvers or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.
  • Approve requests from departments, cost centers and locations for which they are responsible.

Approvers (IT) for organizations

IT role approvers must be assigned to the application role Identity Management | Organizations | Role approvers (IT) or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.
  • Approve requests from departments, cost centers and locations for which they are responsible.

Base Data for Structuring Departments, Cost Centers and Locations

The following basic information is relevant for building up hierarchical roles in One Identity Manager.

  • Configuration parameters

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. You can find an overview of all configuration parameters in the category Base data | General | Configuration parameters in the Designer.

  • Role classes

    Role classes form the basis for mapping hierarchical roles in One Identity Manager. Role classes are used to group similar roles together.

  • Role types

    Create role types in order to classify roles. Role types can be used to map roles in the user interface, for example.

  • Functional areas

    To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to roles. You can enter criteria that provide information about risks from rule violations for functional areas and roles.

  • Attestors

    In One Identity Manager, you can assign employees to departments, cost centers and locations that can be brought in as attestors in attestation cases when the approval workflow is set up accordingly. To do this, assign the departments, cost centers and locations to application roles for attestors. A default application role for attestors is available in One Identity Manager. Assign employees that are authorized to attest permissions, requests or other data stored in the One Identity Manager to this application role. You may create other application roles as required. For more detailed information about implementing and editing application roles, see the One Identity Manager Application Roles Administration Guide.

  • Approvers and Approvers (IT)

    In One Identity Manager, you can assign employees to departments, cost centers and locations that can be brought in as approvers in approval procedures for IT Shop requests when the approval workflow is set up accordingly. To do this, assign the departments, cost centers and locations to application roles for approvers. Default application roles for approvers and approvers (IT) are available in One Identity Manager. Assign employees that are authorized to approve requests in the IT Shop to this application role. You may create other application roles as required. For more detailed information about implementing and editing application roles, see the One Identity Manager Application Roles Administration Guide.

Role Classes

Role classes form the basis for mapping hierarchical roles in One Identity Manager. Role classes are used to group similar roles together. The following role classes are provided by default for mapping organizations in One Identity Manager.

  • Department
  • Cost center
  • Location

NOTE: You cannot delete the default role classes. However, you can edit their master data.

To edit role classes

  1. Select the category Organizations | Basic configuration data | Role classes.
  2. Select the role class in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the role class's master data.
  4. Save the changes.

Enter the following master data for a role class.

Table 6: Role Class Properties

Property

Description

Role classes

Role class description. The role class is displayed under this name in the navigation view.

Attestors

Application role whose members are authorized to approve attestation instances for all roles in this role class.

To create a new application role, click . Enter the application role name and assign a parent application role.

NOTE: This property is available if the Attestation Module is installed.

Description

Spare text box for additional explanation.

Inherited top down

Direction of inheritance top-down.

Top-down inheritance is defined for departments, cost centers, locations and application roles.

Inherited bottom-up

Direction of inheritance bottom-up.

Assignment allowed

Specifies whether assignments of respective object types to roles of this role class are allowed in general.

Assignment not allowed

Specifies whether respective object types can be assigned directly to roles of this role class.

Role Types

Create role types in order to classify roles. Role types can be used to map roles in the user interface, for example.

To edit role types

  1. Select the category Organizations | Basic configuration data | Role types.
  2. Select the role type in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the role type's master data.
  4. Save the changes.

Enter the following master data for a role type:

Table 7: Role Type Properties

Property

Description

Role type

Role type description

Description

Spare text box for additional explanation.