Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 8.1.5 - Authorization and Authentication Guide

Table of Contents

About this guide One Identity Manager application roles

Application roles overview

Application roles for basic functions Compliance and security officer Auditors Application roles for identity audit Application roles for company policies Application roles for attestation Application roles for subscribable reports Management level Application roles for business roles Application roles for organizations Application roles for employees Application roles for the IT Shop Application roles for target systems Application roles for Universal Cloud Interface Application roles for custom tasks

Implementing the application roles Creating and editing application roles

Master data of application roles Assigning employees to application roles Customized extension of application role edit permissions Additional tasks for managing application roles

Creating and editing dynamic roles for application roles Specifying mutually exclusive application roles Assigning subscribable reports to application roles Assigning extended properties to application roles Generating assignment resources for application roles

Reports about application roles

Granting One Identity Manager schema permissions through permissions groups

Predefined permissions groups and system users Rules for determining the valid permissions for tables and columns Processing permissions groups

Permissions groups properties Permissions group dependencies

Editing the dependencies of permissions groups

Copying permissions groups Creating permissions groups

Editing system users

Creating system users System users’ passwords System user properties Adding system users to permission groups Which employees use the system user? Deleting dynamic system users

Editing table permissions and column permissions

Displaying the permissions of a permissions group Displaying permissions for tables Editing table properties Editing column permissions Copying table permissions and column permissions Simulating permissions for system users

Displaying permissions for objects Displaying permissions for the current user Assigning permissions groups to applications

Managing permissions to program features

Program functions for starting the One Identity Manager tools Displaying the current user's program functions Assigning program function to permissions groups Permissions for executing scripts Permissions for executing methods Permissions for triggering processes Modifying permissions for executing actions in the Launchpad

One Identity Manager authentication modules

System users Generic single sign-on (role-based) Employee Employee (role-based) Employee (dynamic) User account User account (role-based) Account based system user Active Directory user account Active Directory user account (role-based) Active Directory user account (manual input) Active Directory user account (manual input/role-based) Active Directory user account (dynamic) LDAP user account (role-based) LDAP user account (dynamic) HTTP header HTTP header (role-based) OAuth 2.0/OpenID Connect OAuth 2.0/OpenID Connect (role-based) Synchronization authentication module Web agent authentication module Component authentication module Crawler Password reset Password reset (role-based) Editing authentication modules

Enabling authentication modules Assigning authentication modules to applications Disabling or enabling authentication modules for applications Authentication module properties Initial data for authentication modules Configuration data for system user dynamic authentication

Example of a simple system user assignment Example of a system user assignment using a selection criterion Example of a function group assignment

Checking authentication

OAuth 2.0 / OpenID Connect configuration

Expiry of the OAuth 2.0/OpenID Connect authentication Creating the OAuth 2.0/OpenID Connect configuration Assigning OAuth 2.0/OpenID Connect configuration to web applications Displaying the configuration of the identity provider and the OAuth 2.0/OpenID Connect applications Specifying enabled and disabled columns for logging in Logging information about OAuth 2.0/OpenID Connect authentication

Multi-factor authentication in One Identity Manager

Editing table properties Preparing the Starling 2FA token request Requesting a security code Allowing approval decisions using the Starling 2FA app

Granulated permissions for the SQL Server and database

Minimum access levels of One Identity Manager tools Displaying database server logins Displaying users' access levels Displaying server and database permissions

Synchronization authentication module

NOTE: This authentication module is available if the Target System Synchronization Module is installed.

This authentication module integrates the default method for Synchronization Editor login.

Credentials	Login uses the sa system user.
Prerequisites
Set as default	Yes
Single sign-on	No
Front-end login allowed	No
Web Portal login allowed	No
Remarks	You must not change the system user sa. The system user is overwritten with each schema update.

Web agent authentication module

The authentication module integrates the default method for Web Designer login, to access the database before the first user login.

Credentials	Login uses the sa system user.
Prerequisites
Set as default	Yes
Single sign-on	No
Front-end login allowed	No
Web Portal login allowed	No
Remarks	You must not change the system user sa. The system user is overwritten with each schema update.

Component authentication module

This authentication module integrates the default method for registering process components.

Credentials	Login uses the sa system user.
Prerequisites
Set as default	Yes
Single sign-on	No
Front-end login allowed	No
Web Portal login allowed	No
Remarks	You must not change the system user sa. The system user is overwritten with each schema update.

Crawler

The authentication module is used by the application server to compile search indexes for full text search over the database.

Credentials	Login uses the sa system user.
Prerequisites
Set as default	Yes
Single sign-on	No
Front-end login allowed	No
Web Portal login allowed	No
Remarks	You must not change the system user sa. The system user is overwritten with each schema update.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center