Chat now with support
Chat with Support

Identity Manager 8.1 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee administration
One Identity Manager users for employee administration Basic data for employee master data Entering employee master data Employee's central user account Employee's central password Employee's default email address Mapping multiple employee identities Disabling and deleting employees Password policies for employees Limited access to One Identity Manager Assigning company resources to employees Displaying the origin of an employee's roles and entitlements Analyzing role memberships and employee assignments Additional tasks for managing employees Determining an employee‘s language Determining an employee's working hours Employee reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration parameters for managing departments, cost centers, and locations Appendix: Configuration parameters for managing employees Appendix: Configuration Parameters for Managing Devices and Workdesks

Testing generation of a password

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. In Manager, select Employees | Basic configuration data | Password policies| Password policies.

  2. Select the password policy in the result list.
  3. Select Change master data.
  4. Select the Test tab.
  5. Click Generate.

    This generates and displays a password.

Informing employees about expiring passwords

There are different ways to inform employees that their password is going to expire:

  • Users are alerted about their password expiring when they log in to One Identity Manager and can change their password if necessary.
  • For employee-based authentication modules, the system sends reminder notifications in relation to expiring passwords as of 7 days in advance of the password expiry date.
    • You can adjust the time in days in the Common | Authentication | DialogUserPasswordReminder configuration parameter. Edit the configuration parameter in the Designer.
    • The notifications are triggered in accordance with the Reminder system user password expires schedule and use the Employee - system user password expires mail template. You can adjust the schedule and mail template in Designer if required.

For detailed information about the One Identity Manager authentication modules and about editing system users, see the One Identity Manager Authorization and Authentication Guide.

Displaying locked employees and system users

If a user has reached the maximum number of failed logins, the employee or system user can no longer log on to One Identity Manager.

  • Locked employees are displayed in Manager in the Employees | Locked employees category. An additional message referring to the locked login is also displayed on the overview form for an employee.

  • Locked system users are displayed in Designer in the Permissions | System users | Locked system user category. An additional message referring to the locked login is also displayed on the overview form for a system user.

Passwords for locked employees and system users can be reset in the Password Reset Portal. For more detailed information, see the One Identity Manager Web Portal User Guide.

Limited access to One Identity Manager

NOTE: This function is only available if the module Attestation Module is installed.

User who only has temporary or limited access to One Identity Manager.can log in through the Web Portal. This functionality can be used, for example, if external employees, such as contract workers, should be provided with temporary access to the One Identity Manager. These employee can log in to the Web Portal as new workers. New employee objects are added for them in the One Identity Manager database.

If you make use of this functionality, take note of the following:

  • In One Identity Manager, an employee with the following properties is created:

    • Certification status: New
    • Disabled permanently: Enabled
    • No inheritance: Enabled
  • If the configuration parameter QER | Attestation | UserApproval is enabled, the new employee is attested automatically.
  • To assign company resources to the employee or to ensure editing permissions in the One Identity Manager, implement custom processes.

For detailed information about attestation, see the One Identity Manager Attestation Administration Guide.

Related Topics
Related Documents