Chat now with support
Chat with Support

Identity Manager 8.1.4 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Managing departments, cost centers, and locations Working with dynamic roles Employee administration
One Identity Manager users for employee administration Basic data for employee master data Entering employee master data Employee's central user account Employee's central password Employee's default email address Mapping multiple employee identities Disabling and deleting employees Password policies for employees Limited access to One Identity Manager Assigning company resources to employees Displaying the origin of an employee's roles and entitlements Analyzing role memberships and employee assignments Additional tasks for managing employees Determining an employee’s language Determining an employee's working hours Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Effective configuration parameters for setting up employees Configuration parameters for managing devices and workdesks

Dynamic role overview

You can see the most important information about a dynamic role on the overview form.

To obtain an overview of a dynamic role

  1. Select the role for which the dynamic role was created.
  2. Open the role's overview form.
  3. Select the form element "dynamic roles" and click on the dynamic role.
  4. Select the Dynamic role overview task.

Start immediate recalculation of role memberships

By default, calculation of role membership is controlled with schedules. You can also start the calculation for a single dynamic role immediately and independently of scheduled calculation.

To calculate role membership immediately

  1. Select the role for which the dynamic role was created.
  2. Open the role's overview form.
  3. Select the form element "dynamic roles" and click on the dynamic role.
  4. Select the Start recalculation immediately task and close the prompt with OK.

    A processing task for the DBQueue Processor is set in the DBQueue.

Detailed information about this topic

Employee administration

The main component of One Identity Manager maps employees with their master data and all available company resources. IT resources, such as devices, software, and access permissions in various target systems, qualify as company resources. Resources such as mobile telephones, company cars, or keys can be mapped to employees, as well.

Employees obtain company resources according to their function and their position with the company structure. Company structures, such as departments, cost centers, and location, are also mapped in One Identity Manager. As are employee memberships in these company structures. Once company resources are assigned to the company structures, they are inherited by all the members. This way, employees automatically be supplied with all the necessary company resources.

If you manage access permissions on all One Identity Manager tools using the application role, you obtain all of the information about current access permissions and employee responsibilities with One Identity Manager.

One Identity Manager components for managing employees are available when the QER | Person configuration parameter is set.

  • In the Designer, check if the configuration parameter is set. If not, set the configuration parameter.
Detailed information about this topic

One Identity Manager users for employee administration

Following users are used for employee administration.

Table 26: Users
User Tasks

Employee administrators

Employee administrators must be assigned to the Identity Management | Employees| Administrators application role.

Users with this application role:

  • Can edit master data for all employees

  • Can assign a manager.

  • Can assign company resources to employees.

  • Check and authorize employee master data.

  • Create and edit risk index functions.

  • Edit password policies for employee passwords

  • Delete employee's security keys (WebAuthn)

Employee managers

 

The Base roles | Employee managers application role is automatically assigned to a user if the user is a manager or supervisor of employees, departments, locations, cost centers, business roles, or IT Shops.

Users with this application role:

  • Can edit master data for the objects they are responsible for and assign company resources to them.
  • Can edit new employees added in the Web Portal and edit the master data of their staff.
  • Can add their staff members to the IT Shop.
  • Can view their staff's compliance rule violations in the Web Portal.

Members of this application role are determined through a dynamic role.

One Identity Manager administrators

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.

For detailed information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating