Chat now with support
Chat with Support

Identity Manager 8.1.4 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Managing departments, cost centers, and locations Working with dynamic roles Employee administration
One Identity Manager users for employee administration Basic data for employee master data Entering employee master data Employee's central user account Employee's central password Employee's default email address Mapping multiple employee identities Disabling and deleting employees Password policies for employees Limited access to One Identity Manager Assigning company resources to employees Displaying the origin of an employee's roles and entitlements Analyzing role memberships and employee assignments Additional tasks for managing employees Determining an employee’s language Determining an employee's working hours Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Effective configuration parameters for setting up employees Configuration parameters for managing devices and workdesks

One Identity Manager users for organizations

The following users are used for the administration of departments, cost centers, and locations.

Table 5: Users
User Tasks

Administrators for organizations

 

Administrators must be assigned to the Identity Management | Organizations | Administrators application role.

Users with this application role:

  • Set up and edit departments, cost centers, and locations.
  • Assign company resources to departments, cost centers, and locations.
  • Administrate application roles for role approvers, role approvers (IT), and attestors.
  • Set up other application roles as required.

One Identity Manager administrators

 

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.

Approvers for organizations

 

Attestors must be assigned to the Identity Management | Organizations | Attestors application role or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to departments, cost centers, and locations for which they are responsible.
  • Can view master data for departments, cost centers, and locations but cannot edit them.
NOTE: This application role is available if the module Attestation Module is installed.

Approvers for organizations

 

Role approvers must be assigned to the Identity Management | Organizations | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.
  • Approve request from departments, cost centers, and locations for which they are responsible.

Approvers (IT) for organizations

 

IT role approvers must be assigned to the Identity Management | Organizations | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.
  • Approve request from departments, cost centers, and locations for which they are responsible.

Basic data for structuring departments, cost centers, and locations

The following basic information is relevant for building up hierarchical roles in One Identity Manager.

  • Configuration parameter

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data | General | Configuration parameters category.

  • Role classes

    Role classes form the basis of mapping hierarchical roles in One Identity Manager. Role classes are used to group similar roles together.

  • Role types

    Create role types in order to classify roles. Roles types can be used to map roles in the user interface, for example.

  • Functional areas

    To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to roles. You can enter criteria that provide information about risks from rule violations for functional areas and roles.

  • Attestors

    In One Identity Manager you can assign departments, cost centers, and locations to employees who can be brought in as attestors in attestation cases, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for attestors. A default application role for attestors is available in One Identity Manager. Assign employees that are authorized to attest permissions, requests, or other data stored in One Identity Manager to this application role. You may create other application roles as required. For detailed information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.

  • Approvers and Approvers (IT)

    In One Identity Manager you can assign departments, cost centers and locations to employees who can be brought in as approvers in approval processes for IT Shop requests, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for approvers. Default application roles for approvers and approvers (IT) are available in One Identity Manager. Assign employees that are authorized to approve requests in the IT Shop to this application role. You may create other application roles as required. For detailed information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.

Detailed information about this topic

Role classes

Role classes form the basis of mapping hierarchical roles in One Identity Manager. Role classes are used to group similar roles together. The following role classes are provided by default for mapping organizations in One Identity Manager:

  • Department

  • Cost center

  • Location

The direction of inheritance is specified by the role class. Top down inheritance is defined for departments, cost centers, locations, and application roles. In addition, assignments that are allowed to be made to individual roles are defined for the role classes. Employees, devices, workdesks, and company resource assignments are predefined for departments, cost centers, and locations. You can edit these role class assignments.

Related topics

Role types

Create role types in order to classify roles. Roles types can be used to map roles in the user interface, for example.

To edit role types

  1. Select the Organizations | Basic configuration data | Role types category.
  2. Select the role type in the result list. Select the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the role type's master data.
  4. Save the changes.

Enter the following master data for a role type:

Table 6: Role type properties
Property Description
Role type Role type description.
Description Text field for additional explanation.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating