Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 8.1.4 - Identity Management Base Module Administration Guide

Table of Contents

Basics for mapping company structures in One Identity Manager

Hierarchical role structure basic principles

Inheritance directions within a hierarchy Discontinuing inheritance

Basic principles for assigning company resources

Direct assignment Indirect assignment

Secondary assignment Primary assignment

Assignment by dynamic roles Assigning through IT Shop requests

Basics of calculating inheritance

Calculating inheritance by hierarchical roles Calculation of assignments

Preparing hierarchical roles for company resource assignments

Possible assignments of company resources through roles Permitting assignments of employees, devices, workdesks, and company resources Using roles to limit inheritance Inheritance exclusion: Specifying conflicting roles

Managing departments, cost centers, and locations

One Identity Manager users for organizations Basic data for structuring departments, cost centers, and locations

Role classes Role types Functional areas Attestors Role approvers and role approvers (IT)

Editing departments

General master data for a department Contact data for departments Functional area and risk assessment

Editing cost centers

General master data for a cost center Functional area and risk assessment

Editing locations

General master data for a location Location address information Configuring a location's network Directions to location Functional area and risk assessment

Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Setting up IT operating data

Modify IT operating data

Additional tasks for managing departments, cost centers, and locations

Creating dynamic roles for departments, cost centers, and locations Assign organizations Specifying inheritance exclusion for roles

Reports about departments, cost centers, and locations

Working with dynamic roles

Editing dynamic roles

Dynamic role master data

Conditions for dynamic roles Testing a condition of a dynamic role Calculating role memberships Additional tasks for dynamic roles

Dynamic role overview Start immediate recalculation of role memberships

Employee administration

One Identity Manager users for employee administration Basic data for employee master data

Business partners Creating custom mail templates for notifications

General properties of a mail template Creating and editing an email definition

Using base object properties

Customizing email signatures

Entering employee master data

General employee master data Organizational employee master data Address data Miscellaneous employee master data

Employee's central user account Employee's central password Employee's default email address Mapping multiple employee identities

Employee identity types

Disabling and deleting employees

Temporarily deactivating employees Permanently deactivating employees

Re-enabling an employee

Deferred deletion of employees Deleting all employee related data

Password policies for employees

Predefined password policies Using password policies

Changing the password policy for the password columns Assigning password policies to departments, cost centers, locations, and business roles

Editing password policies

General master data for password policies Policy settings Character classes for passwords

Custom scripts for password requirements

Script for checking passwords Script for generating a password

Defining the excluded list for passwords Checking a password Testing password generation Informing employees about expiring passwords Displaying locked employees and system users

Limited access to One Identity Manager

Changing the certification status of an employee

Assigning company resources to employees

Assigning employees to departments, cost centers, and locations Assigning employees to business roles Adding employees to IT Shop custom nodes Assigning application roles to employees Assigning resources directly to employees Assigning software directly to employees Assigning system roles directly to employees Assigning subscribable reports directly to employees

Displaying the origin of an employee's roles and entitlements Analyzing role memberships and employee assignments Additional tasks for managing employees

Employee overview Manually assigning user accounts to employees Entering calls for an employee Assigning extended properties Displaying and deleting employees' Webauthn security keys Setting a secret password question Mutual aid

Determining an employee’s language Determining an employee's working hours Employee reports

Managing devices and workdesks

Basic data for device admin

General master data for a device model Inventory data for a device model

Business partners Device status Workdesk status Workdesk types

Setting up a device

General master data for a device Device networking data

Assigning company resources to devices

Assigning devices to departments, cost centers, and locations Assigning devices to business roles

Additional tasks for managing devices

Overview of devices Assigning service agreements and enter calls

How to set up workdesks

General master data for a workdesk Workdesk location information Additional information about a workdesk

Assigning company resources to workdesks

Assigning workdesks to departments, cost centers, and locations Assigning workdesks to business roles Assigning software directly to workdesks Assigning system roles directly to workdesks

Additional tasks for managing workdesks

Workdesk overview Assigning devices to workdesks Assigning employees to workdesks

Asset data for devices

Basic data for asset management

Asset classes Asset types

Entering investments and investment plans Editing device asset data

Master data for asset data Commercial data

Managing resources

One Identity Manager users for managing resources Basic data for resources

Editing resources

Resource master data

Assigning resources to employees

Assigning resources to departments, cost centers, and locations Assigning resources to business roles Assigning resources directly to employees Adding resources to the IT Shop Adding resources in system roles

Additional tasks for managing resources

Resource overview Assigning extended properties to resources

Editing multi-request resources

Master data for a multi-request resource

Assigning multi-request resources to employees

Adding multi request resources to the IT Shop

Reports about resources

Setting up extended properties

One Identity Manager users for managing extended properties Create property groups Edit extended properties

Extended property master data Specifying scoped boundaries

Additional tasks for managing extended properties

Extended property overview Assign objects Assigning property groups

Configuration parameters for managing departments, cost centers, and locations Effective configuration parameters for setting up employees Configuration parameters for managing devices and workdesks

Re-enabling an employee

Employees who are permanently deactivated can be re-enabled if they were not disabled by certification.

To re-enable an employee

In the Manager, select the Employees | Inactive employees category.
Select the employee in the result list.
Select the Re-enable employee task.
Confirm the security prompt with Yes if the employee should be enabled.

On the master data form for the employee, the Disabled permanently option is not set. The end date and last working day are deleted assuming the dates are past.
Save the changes.

Related topics

Permanently deactivating employees

Deferred deletion of employees

When an employee is deleted, they are tested to see if user accounts and company resources are still assigned, or if there are still pending requests in the IT Shop. The employee is marked for deletion and therefore locked out of further processing. Before an employee can finally be deleted from the One Identity Manager database, you need to delete all company resource assignments and close all requests. You can do this manually or implement custom processes to do it. All the user accounts linked to one employee could be deleted by default by One Identity Manager once this employee has been deleted. If no more company resources are assigned, the employee is finally deleted.

By default, employees are finally deleted from the database after 30 days. During this period it is possible to re-enable the employee. A restore is not possible once deferred deletion has expired. In the Designer, you can set an alternative delay on the Person table.

Related topics

Deleting all employee related data

A procedure called QER_PPersonDelete_GDPR is provided to support the special process for deleting employee related data, which implements the General Data Protection Regulation (GDPR) of the European Union. You can use this procedure to delete all data relating to an employee from the One Identity Manager database. For certain dependencies, processes that are handled by the One Identity Manager Service are created by the procedure.

NOTE: During execution of this procedure, the database does not allow any triggers. Therefore, it is recommended to only run the procedure in maintenance periods.

You can execute the procedure in any program suitable for running SQL queries.

Calling syntax:

exec QER_PPersonDelete_GDPR ' <employee UID from the Person table, UID_Person column>'

Password policies for employees

One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.

Detailed information about this topic

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center