One Identity Manager enables its users to perform various tasks simply using a Web Portal.
Managing user accounts and employees
An account definition can be requested by shop customers in the Web Portal when it is assigned to an IT Shop shelf. The request undergoes a defined approval procedure. The user account is not created until it has been approved by an authorized person, such as a manager.
To enable this, attestation policies are configured in Manager. The attesters use the Web Portal to approve attestation cases.
The rules are checked regularly and whenever changes are made to the objects in One Identity Manager. Compliance rules are defined in Manager. Supervisors use the Web Portal to check and resolve rule violations and to grant exception approvals.
If the Company Policies Module is available, company policies can be defined for the target system objects mapped in One Identity Manager and their risks evaluated. Company policies are defined in Manager. Supervisors use the Web Portal to check policy violations and to grant exception approvals.
One Identity Manager provides default calculation functions for this. The calculation functions can be modified in the Web Portal.
Reports and statistics
To manage a SharePoint Online environment in One Identity Manager, the following basic data is relevant.
Authentication mode used for logging in to the SharePoint Online server with this user account.
Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.
One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
In order to handle SharePoint Online-specific processes in One Identity Manager, the synchronization server and its server functions must be declared.
A default application role exists for the target system manager in One Identity Manager.
The following master data is supplied for the authentication mode.
| Property | Description |
|---|---|
| System ID | Name of the authentication mode. For SharePoint Online, AzureAD is the only authentication mode. |
| User prefix | Prefix for formatting a login name for new user accounts. Used when the associated authentication object is not a group, that is, the user account option Group is not set. |
| Group prefix | Prefix for formatting a login name for new user accounts. Used when the associated authentication object is a group, that is, the user account option Group is set. |
| Column for login name | Column in the table Person used to format the login name for new user accounts. This information is required if employees are linked to user accounts through automatic employee assignment. |
In order to handle SharePoint Online-specific processes in One Identity Manager, the synchronization server and its server functions must be declared. You have several options for defining a server's functionality:
Create an entry for the Job server in Designer under Base Data | Installation | Job server. For detailed information, see the One Identity Manager Configuration Guide.
Use this task if the Job server has already been declared in One Identity Manager and you want to configure special functions for the Job server.
To edit a Job server and its functions
1. In Manager, select the category SharePoint Online | Basic configuration data | Server.
2. Select the Job server entry in the result list.
3. Select Change master data.
4. Edit the Job server's master data.
5. Select Assign server functions in the task view and specify server functionality.