Chat now with support
Chat with Support

Identity Manager 8.0 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee Administration
One Identity Manager Users for Employee Administration Basic Configuration Data for Employees Entering Employee Master Data Employee's Central User Account Employee's Central Password Employee's Default Email Address Disabling and Deleting Employees Assigning Company Resources to Employees Origin of an Employee's Roles and Entitlements Analyzing Role Memberships and Employee Assignments Mapping Multiple Employee Identities Limited Access to One Identity Manager Additional Tasks for Managing Employees Determining an Employee‘s Language Determining an Employee‘s Working Hours Employee Reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration Parameters for Managing Departments, Cost Centers and Locations Appendix: Configuration Parameters for Managing Applications Appendix: Configuration Parameters for Managing Devices and Workdesks Appendix: Authentication Modules for Logging into the One Identity Manager

Functional areas

Functional areas

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how man rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Example for using Functional Areas

The risk of rule violation should be analyzed for cost centers. Proceed as follows:

  1. Set up functional areas.
  2. Assign cost centers to the functional areas.
  3. Define assessment criteria for the cost centers.
  4. Define assessment criteria for the functional areas.
  5. Assign compliance rules required for the analysis to the functional area.
  6. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To edit functional areas

  1. Select the category Organizations | Basic configuration data | Functional areas.
  2. Select the functional area in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the function area master data.
  4. Save the changes.

Enter the following data for a functional area.

Table 8: Functional Area Properties
Property Description
Functional area Description of the functional area
Parent Functional area Parent functional area in a hierarchy.

Select a parent functional area from the list in order to organize your functional areas hierarchically.

Max. number of rule violations List of rule violation valid for this functional area. This value can be evaluated during the rule check.

NOTE: This input field is available if theCompliance Rules Module exists.
Description Spare text box for additional explanation.
Related Topics
  • One Identity Manager Compliance Rules Administration Guide

Attestors

Attestors

Installed Modules: Attestation Module

In One Identity Manager, you can assign employees to departments, cost centers and locations that can be brought in as attestors in attestation cases when the approval workflow is set up accordingly. To do this, assign the departments, cost centers and locations to application roles for attestors. A default application role for attestors is available in One Identity Manager. Assign employees that are authorized to attest permissions, requests or other data stored in the One Identity Manager to this application role. You may create other application roles as required. For more detailed information about implementing and editing application roles, see the One Identity Manager Application Roles Administration Guide.

Table 9: Default Application Roles for Attestors
User Task

Approvers for organizations

 

Attestors must be assigned to the application role Identity Management | Organizations | Attestors or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to departments, cost centers and locations for which they are responsible.
  • Can view master data for departments, cost centers and locations but cannot edit them.

Note: This application role is available if the module Attestation Module is installed.

To specify attestors

  1. Select the category Organizations | Basic configuration data | Attestors.
  2. Select Assign employees in the task view.
  3. Assign employees in Add assignments.

    - OR -

    Remove employees from Remove assignments.

  4. Save the changes.
Related Topics
  • Roles Classes
  • One Identity Manager Attestation Administration Guide

Approvers and Approvers (IT)

Approvers and Approvers (IT)

In One Identity Manager, you can assign employees to departments, cost centers and locations that can be brought in as approvers in approval procedures for IT Shop requests when the approval workflow is set up accordingly. To do this, assign the departments, cost centers and locations to application roles for approvers. Default application roles for approvers and approvers (IT) are available in One Identity Manager. Assign employees that are authorized to approve requests in the IT Shop to this application role. You may create other application roles as required. For more detailed information about implementing and editing application roles, see the One Identity Manager Application Roles Administration Guide.

Table 10: Default Application Roles for Approvers
User Task

Approvers for organizations

 

Approvers must be assigned to the application role Identity Management | Organizations | Approvers or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.
  • Approve request from departments, cost centers and locations for which they are responsible.

Approvers (IT) for organizations

 

IT role approvers must be assigned to the application role Identity Management | Organizations | Role approvers (IT) or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.
  • Approve request from departments, cost centers and locations for which they are responsible.

To specify a role approver or role approver (IT)

  1. Select the category Organizations | Basic configuration data | Approver.

    - OR -

    Select the category Organizations | Basic configuration data | Approver (IT).

  2. Select Assign employees in the task view.
  3. Assign employees in Add assignments.

    - OR -

    Remove employees from Remove assignments.

  4. Save the changes.
Related Topics

Editing Departments

To edit departments

  1. Select the category Organizations | Departments.
  2. Select the department in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the department's master data.
  4. Save the changes.
Detailed information about this topic
Related Documents