Identity Manager 8.1 - Administration Guide for Connecting to SharePoint Online

Mapping a SharePoint Online environment in One Identity Manager Synchronizing a SharePoint Online environment Managing SharePoint Online user accounts and employees Managing the assignments of SharePoint Online groups and roles Mapping of SharePoint Online objects in One Identity Manager
SharePoint Online tenants SharePoint Online user accounts SharePoint Online groups SharePoint Online permission levels SharePoint Online site collections SharePoint Online sites SharePoint Online roles
Handling of SharePoint Online objects in Web Portal Basic data for managing a SharePoint Online environment Appendix: Configuration parameters for managing SharePoint Online Appendix: Default project template for SharePoint Online Appendix: Editing system objects About us

Assigning account definitions to employees

Account definitions are assigned to company employees.

Indirect assignment is the default method for assigning account definitions to employees. Account definitions are assigned to departments, cost centers, locations or roles. The employees are categorized into these departments, cost centers, locations or roles depending on their function in the company and thus obtain their account definitions. To react quickly to special requests, you can assign individual account definitions directly to employees.

You can automatically assign special account definitions to all company employees. It is possible to assign account definitions to the IT Shop as requestable products. A department manager can then request user accounts from the Web Portal for his staff. It is also possible to add account definitions to system roles. These system roles can be assigned to employees through hierarchical roles or directly or added as products in the IT Shop.

In the One Identity Manager default installation, the processes are checked at the start to see if the employee already has a user account in the target system that has an account definition. If no user account exists, a new user account is created with the account definition’s default manage level.

NOTE: If a user account already exists and is disabled, then it is re-enabled. You have to alter the user account manage level afterwards in this case.
Prerequisites for indirect assignment of account definitions to employees
  • Assignment of employees and account definitions is permitted for role classes (department, cost center, location or business role).

NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the assignment of an account definition is removed, the user account that was created from this account definition is deleted.

For detailed information about preparing role classes to be assigned, see the One Identity Manager Identity Management Base Module Administration Guide.

Detailed information about this topic

Assigning account definitions to departments, cost centers, and locations

To add account definitions to hierarchical roles

  1. In the Manager, select SharePoint Online | Basic configuration data | Account definitions | Account definitions.

  2. Select an account definition in the result list.

  3. Select Assign organizations.

  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.

    • Assign locations on the Locations tab.

    • Assign cost centers on the Cost centers tab.

    TIP: In the Remove assignments area, you can remove the assignment of organizations.

    To remove an assignment

    • Select the organization and double click .

  5. Save the changes.
Related Topics

Assigning account definitions to business roles

Installed modules:

Business Roles Module

To add account definitions to hierarchical roles

  1. In the Manager, select SharePoint Online | Basic configuration data | Account definitions | Account definitions.

  2. Select an account definition in the result list.

  3. Select Assign business roles.

  4. Assign business roles in Add assignments.

    TIP: In the Remove assignments area, you can remove the assignment of business roles.

    To remove an assignment

    • Select the business role and double click .

  5. Save the changes.
Related Topics

Assigning account definitions to all employees

To assign an account definition to all employees

  1. In the Manager, select SharePoint Online | Basic configuration data | Account definitions | Account definitions.

  2. Select an account definition in the result list.
  3. Select Change master data.
  4. Set Automatic assignment to employees on General.

    IMPORTANT: Only set this option if you can ensure that all current internal employees in the database and all pending newly added internal employees obtain a user account in this target system.
  5. Save the changes.

The account definition is assigned to every employee that is not marked as external. New employees automatically obtain this account definition as soon as they are added. The assignment is calculated by the DBQueue Processor.

NOTE: Disable Automatic assignment to employees to remove automatic assignment of the account definition to all employees. The account definition cannot be reassigned to employees from this point on. Existing assignments remain intact.
Related Topics
Related Documents