Chat now with support
Chat with Support

Identity Manager 8.1 - Administration Guide for Connecting Unix-Based Target Systems

Managing Unix-Based Systems Setting Up Synchronization with a Unix-Based Target System Base Data for Unix-Based Target Systems Unix Host Unix User Accounts Unix Groups Reports about Unix Objects Appendix: Configuration parameters for managing a Unix environment Appendix: Default Project Template for Unix-Based Target Systems

Disabling User Accounts for AIX Systems

NOTE: The behavior described in the following, only apples to user account in an AIX system.

The way you disable user accounts depends on how they are managed.

Scenario:
  • The user account is linked to employees and is managed through account definitions.

User accounts managed through account definitions are disabled when the employee is temporarily or permanently disabled. The behavior depends on the user account manage level. Accounts with the manage level Full managed manage level are disabled depending on the account definition settings. For user accounts with a manage level, configure the required behavior using the template in the UNXAccount.AIX_account_LockedPAGUser.IsDisabled column.

Scenario:
  • The user accounts are linked to employees. No account definition is applied.

User accounts managed through user account definitions are disabled when the employee is temporarily or permanently disabled. The behavior depends on the QER | Person | TemporaryDeactivation configuration parameter

  • If the configuration parameter is set, the employee’s user accounts are disabled if the employee is permanently or temporarily disabled.

  • If the configuration parameter is not set, the employee’s properties do not have any effect on the associated user accounts.

To disable the user account when the configuration parameter is disabled.

  1. In Manager, select Unix | User accounts.

  2. Select the user account in the result list.

  3. Select Change master data.
  4. Set account_locked on Security.

  5. Save the changes.
Scenario:
  • User accounts not linked to employees.

To disable a user account that is no longer linked to an employee.

  1. In Manager, select Unix | User accounts.

  2. Select the user account in the result list.

  3. Select Change master data.
  4. Set account_locked on Security.

  5. Save the changes.
Related Topics

Deleting and Restoring Unix User Accounts

NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the assignment of an account definition is removed, the user account that was created from this account definition is deleted.

To delete a user account

  1. Select the category Unix | User accounts.
  2. Select the user account in the result list.
  3. Delete the user account.
  4. Confirm the security prompt with Yes.

To restore a user account

  1. Select the category Unix | User accounts.
  2. Select the user account in the result list.
  3. Click Undo delete in the result list toolbar.
Configuring deferred deletion

By default, user accounts are finally deleted from the database after 30 days.The user accounts are initially disabled. You can reenable the user accounts until deferred deletion is run. After deferred deletion is run, the user account are deleted from the database and cannot be restored anymore. You can configure an alternative delay on the table UNXAccount in the Designer.

Related Topics
  • Disabling user accounts for AIX systems
  • For more detailed information about deactivating and deleting employees and user accounts, see the One Identity Manager Target System Base Module Administration Guide.

Unix Groups

In the Unix host, user accounts can be gathered into groups that can be used to regulate access to resources. Local groups are loaded into One Identity Manager by synchronization. You can set up new groups or to edit already existing groups.

To add users to groups, you assign the groups directly to users. This can be assignments of groups to departments, cost centers, location, business roles, or to the IT Shop.

Detailed information about this topic

Entering Master Data for Unix Groups

To edit group master data

  1. In Manager, select Unix | Groups.

  2. Select the group in the result list and run Change master data.

  3. On the master data form, edit the master data for the group.

  4. Save the changes.
Detailed information about this topic
Related Documents