Chat now with support
Chat with Support

Identity Manager 8.1 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee administration
One Identity Manager users for employee administration Basic data for employee master data Entering employee master data Employee's central user account Employee's central password Employee's default email address Mapping multiple employee identities Disabling and deleting employees Password policies for employees Limited access to One Identity Manager Assigning company resources to employees Displaying the origin of an employee's roles and entitlements Analyzing role memberships and employee assignments Additional tasks for managing employees Determining an employee‘s language Determining an employee's working hours Employee reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration parameters for managing departments, cost centers, and locations Appendix: Configuration parameters for managing employees Appendix: Configuration Parameters for Managing Devices and Workdesks

Assigning Company Resources to Workdesks

One Identity Manager uses different assignment types to assign company resources.

  • Indirect assignment

    In the case of indirect assignment of company resources, employees, devices and workdesks are arranged in departments, cost centers, locations, business roles or application roles. The total of assigned company resources for an employee, device or workdesk is calculated from the position within the hierarchies, the direction of inheritance (top-down or bottom-up) and the company resources assigned to these roles. In the Indirect assignment methods a difference between primary and secondary assignment is taken into account.

  • Direct assignment

    Direct assignment of company resources results from the assignment of a company resource to an employee, device, or workdesk, for example. Direct assignment of company resources makes it easier to react to special requirements.

  • Assignment by dynamic roles

    Assignment through dynamic roles is a special case of indirect assignment. Dynamic roles are used to specify role memberships dynamically. Employees, devices, and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees, devices, or workdesks fulfill these conditions. The means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a department in this way; if an employee leaves the department they immediately lose the resources assigned to them.

The following table shows the possible company resources assignments to workdesks.

NOTE: Company resources are defined in the One Identity Manager modules and are not available until the modules are installed.
Table 63: Possible assignments of company resources to workdesks
Company Resource Direct assignment permitted Indirect assignment permitted Remarks

System roles

+ +  

Applications

+ +  

Active Directory groups

- +

All Active Directory computers that reference the workdesk device are added to Active Directory groups.

LDAP groups

- +

All LDAP computers that reference the workdesk device are added to LDAP groups.

Detailed information about this topic
Related Topics

Assigning Workdesks to Departments, Cost Centers and Locations

Assign workdesks to departments, cost centers, and locations so that they obtain company resources through these organizations. To assign company resources to departments, cost centers, or locations, use the appropriate organization tasks.

To assign a workdesk to departments, cost centers, and locations (secondary assignment; default method)

  1. Select the category Devices & Workdesks | Workdesks | Names.
  2. Select the workdesk in the result list.
  3. Select Assign organizations.
  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.

    • Assign locations on the Locations tab.

    • Assign cost centers on the Cost centers tab.

    TIP: In the Remove assignments area, you can remove the assignment of organizations.

    To remove an assignment

    • Select the organization and double click .

  5. Save the changes.

To assign a workdesk to departments, cost centers, and locations (primary assignment)

  1. Select the category Devices & Workdesks | Workdesks | Names.
  2. Select the workdesk in the result list.
  3. Select Change master data.
  4. Adjust the following master data:
    • Primary department
    • Primary cost center
    • Primary location
  5. Save the changes.
Related Topics

Assigning Workdesks to Business Roles

Installed modules:

Business Roles Module

Assign the workdesk to business roles so that the workdesk obtains its company resources through these business roles. To assign company resources to business roles user the corresponding business role tasks.

To assign a workdesk to business roles (secondary assignment; default method)

  1. Select the category Devices & Workdesks | Workdesks | Names.
  2. Select the workdesk in the result list.
  3. Select Assign business roles in the task view.
  4. Assign business roles in Add assignments.

    TIP: In the Remove assignments area, you can remove the assignment of business roles.

    To remove an assignment

    • Select the business role and double click .

  5. Save the changes.

To assign a workdesk to business roles (primary assignment)

  1. Select the category Devices & Workdesks | Workdesks | Names.
  2. Select the workdesk in the result list.
  3. Select Change master data.
  4. Enter the primary role.
  5. Save the changes.
Related Topics

Assigning Applications Directly to Workdesks

You can assign applications directly or indirectly to a workdesk. Indirect assignment is carried out by allocating the workdesk and applications in company structures, such as departments, cost centers, locations, or business roles.

To react quickly to special requests, you can assign applications directly to a workdesk. Information about the applications is written to the workstation set up file that is assigned to this workdesk.

To assign applications to a workdesk

  1. Select the category Devices & Workdesks | Workdesks | Names.
  2. Select the workdesk in the result list.
  3. Select Assign applications in the task view, to assign application directly to the workdesk.
  4. Assign applications in Add assignments.

    - OR -

    Remove applications in Remove assignments.

  5. Save the changes.
Related Topics
Related Documents