Chat now with support
Chat with Support

Identity Manager 8.1 - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface Environments Setting up Synchronization with a Cloud Application in the Universal Cloud Interface Basic data for managing a Universal Cloud Interface environment Cloud Target Systems Container Structures in a Cloud Target System Cloud User Accounts Cloud Groups Cloud Permissions Controls Provisioning Object Changes Reports about Objects in Cloud Target Systems Appendix: Configuration Parameters for Managing Cloud Target Systems Appendix: Default Project Template for Cloud Application in the Universal Cloud Interface

Adding Account Definitions in the IT Shop

A account definition can be requested by shop customers when it is assigned to an IT Shop shelf. To ensure it can be requested, further prerequisites need to be guaranteed.

  • The account definition must be labeled with the IT Shop option.

  • The account definition must be assigned to a service item.

    TIP: In Web Portal, all products that can be requested are grouped together by service category. To make the account definition easier to find in Web Portal, assign a service category to the service item.

  • If the account definition is only assigned to employees using IT Shop assignments, you must also set Only for use in IT Shop. Direct assignment to hierarchical roles may not be possible.

NOTE: IT Shop administrators can assign account definitions to IT Shop shelves if login is role-based. Target system administrators are not authorized to add account definitions in the IT Shop.

To add an account definition to the IT Shop

  1. In Manager, select Cloud target systems | Basic configuration data | Account definitions | Account definitions (non-role-based login).

    - OR -

    In Manager, select Entitlements | Account definitions (role-based login).

  2. Select an account definition in the result list.
  3. Select Add to IT Shop.
  4. Assign the account definitions to the IT Shop shelves in Add assignments.
  5. Save the changes.

To remove an account definition from individual IT Shop shelves

  1. In Manager, select Cloud target systems | Basic configuration data | Account definitions | Account definitions (non-role-based login).

    - OR -

    In Manager, select Entitlements | Account definitions (role-based login).

  2. Select an account definition in the result list.
  3. Select Add to IT Shop.
  4. Remove the account definitions from the IT Shop shelves in Remove assignments.
  5. Save the changes.

To remove an account definition from all IT Shop shelves

  1. In the Manager, select Cloud Target Systems | Basic configuration data | Account definitions | Account definitions (non-role-based login).

    - OR -

    In the Manager, select Entitlements | Account definitions (with role-based login).

  2. Select an account definition in the result list.
  3. Select Remove from all shelves (IT Shop).
  4. Confirm the security prompt with Yes.
  5. Click OK.

    The account definition is removed from all shelves by One Identity Manager Service. All requests and assignment requests with this account definition are canceled in the process.

For detailed information about requesting company resources through IT Shop, see the One Identity Manager IT Shop Administration Guide.

Related Topics

Assigning Account Definitions to a Cloud Target System

The following prerequisites must be fulfilled if you implement automatic assignment of user accounts and employees resulting in administered user accounts (state Linked configured):

  • The account definition is assigned to the target system.

  • The account definition has the default manage level.

User accounts are only linked to the employee (Linked) if no account definition is given. This is the case on initial synchronization, for example.

To assign the account definition to a target system

  1. In Manager, select the target system in Cloud target systems.

  2. Select Change master data.
  3. Select the account definition for user accounts from Account definition (initial).

  4. Save the changes.

You must customize automatic assignment of employees to user accounts for custom target systems.

Detailed information about this topic

Deleting an Account Definition

You can delete account definitions if they are not assigned to target systems, employees, hierarchical roles or any other account definitions.

To delete an account definition

  1. Remove automatic assignments of the account definition from all employees.
    1. In the Manager, select the category Cloud Target Systems | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.

    3. Select Change master data.

    4. Disable Automatic assignment to employees on the General tab.

    5. Save the changes.

  2. Remove direct assignments of the account definition to employees.
    1. In the Manager, select the category Cloud Target Systems | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.

    3. Select Assign to employees.

    4. Remove employees from Remove assignments.

    5. Save the changes.

  3. Remove the account definition's assignments to departments, cost centers and locations.
    1. In the Manager, select the category Cloud Target Systems | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.

    3. Select Assign organizations.

    4. In Remove assignments, remove the relevant departments, cost centers, and locations.

    5. Save the changes.

  4. Remove the account definition's assignments to business roles.
    1. In the Manager, select the category Cloud Target Systems | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.

    3. Select Assign business roles.

      Remove the business roles in Remove assignments.

    4. Save the changes.

  5. If the account definition was requested through the IT Shop, it must be canceled and removed from all IT Shop shelves.

    For more detailed information about unsubscribing requests, see the One Identity Manager Web Portal User Guide.

    To remove an account definition from all IT Shop shelves

    1. In the Manager, select Cloud Target Systems | Basic configuration data | Account definitions | Account definitions (non-role-based login).

      - OR -

      In the Manager, select Entitlements | Account definitions (with role-based login).

    2. Select an account definition in the result list.
    3. Select Remove from all shelves (IT Shop).
    4. Confirm the security prompt with Yes.
    5. Click OK.

      The account definition is removed from all shelves by One Identity Manager Service. All requests and assignment requests with this account definition are canceled in the process.

  6. Remove the account definition assignment as required account definition for another account definition. As long as the account definition is required for another account definition, it cannot be deleted. Check all the account definitions.
    1. In the Manager, select the category Cloud Target Systems | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.

    3. Select Change master data.

    4. Remove the account definition in the Required account definition menu.

    5. Save the changes.

  7. Remove the account definition's assignments to target systems.
    1. In Manager, select the target system in Cloud target systems.

    2. Select Change master data.
    3. Remove the assigned account definitions on the General tab.

    4. Save the changes.

  8. Delete the account definition.
    1. In the Manager, select the category Cloud Target Systems | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.

    3. Click to delete an account definition.

Password policies for user accounts

One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

Predefined password policies are supplied with the default installation that you can user or customize if required. You can also define your own password policies.

Detailed information about this topic
Related Documents