Chat now with support
Chat with Support

Identity Manager 8.1 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee administration
One Identity Manager users for employee administration Basic data for employee master data Entering employee master data Employee's central user account Employee's central password Employee's default email address Mapping multiple employee identities Disabling and deleting employees Password policies for employees Limited access to One Identity Manager Assigning company resources to employees Displaying the origin of an employee's roles and entitlements Analyzing role memberships and employee assignments Additional tasks for managing employees Determining an employee‘s language Determining an employee's working hours Employee reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration parameters for managing departments, cost centers, and locations Appendix: Configuration parameters for managing employees Appendix: Configuration Parameters for Managing Devices and Workdesks

Assign Objects

You can assign extended properties to company resources, hierarchical roles, and employees.

To assign objects to an extended property

  1. Select Entitlements| Basic configuration data | Extended properties | <property group>.
  2. Select the extended property in the result list.

  3. Select Assign objects.
  4. Select the desired object type in Select object type.

    The object belonging to the object types are displayed on the form.

  5. Assign objects in Add assignments.

    - OR -

    Remove objects in Remove assignments.

  6. Save the changes.

Assigning property groups

Each extended property must be assigned to at least one property group. Furthermore, you can assign the extended properties to any other property groups.

To assign an extended property to a property group

  1. Select Entitlements| Basic configuration data | Extended properties | <property group>.
  2. Select the extended property in the result list.

  3. Select Assign property groups.
  4. Assign property groups in Add assignments.

    - OR -

    Remove property groups in Remove assignments.

  5. Save the changes.
Related Topics

Appendix: Configuration parameters for managing departments, cost centers, and locations

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 76: Configuration parameters
Configuration parameters Description
QER | Structures If the configuration parameter is set, hierarchical roles are supported.

QER | Structures | DynamicGroupCheck

This configuration parameter controls the generation of calculation tasks for dynamic roles. If the configuration parameter is not set, the subparameters do not apply.

QER | Structures | DynamicGroupCheck |
CalculateImmediatelyPerson

If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck |
CalculateImmediatelyHardware

If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck |
CalculateImmediatelyWorkdesk

If the parameter is set, a calculation task for modifications to workdesks or workdesk level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | ExcludeStructures Preprocessor relevant configuration parameter for defining the effectiveness of role memberships. If this parameter is set, mutually excluding roles can be defined. The database must be recompiled after changes have been made to the parameter.

QER | Structures | Inherite | Employee

This configuration parameter specifies whether employees can inherit through primary assignments.

QER | Structures | Inherite | Employee| GroupExclusion

This configuration parameter specifies whether employees inherit assignments from their primary department (Person.UID_Department).

QER | Structures | Inherite | Employe | FromLocality

This configuration parameter specifies whether employees inherit assignments from their primary location(Person.UID_Locality).

QER | Structures | Inherite | Employee| FromProfitCenter

This configuration parameter specifies whether employees inherit assignments from their primary cost center(Person.UID_ProfitCenter).

QER | Structures | Inherite | Hardware

This configuration parameter specifies whether devices inherit through primary assignment.

QER | Structures | Inherite | Hardware | FromDepartment

This configuration parameter specifies whether devices inherit assignments from their primary department (Hardware.UID_Department).

QER | Structures | Inherite | Hardware | FromLocality

This configuration parameter specifies whether devices inherit assignments from their primary location(Hardware.UID_Locality).

QER | Structures | Inherite | Hardware | FromProfitCenter

This configuration parameter specifies whether devices inherit assignments from their primary cost center(Hardware.UID_ProfitCenter).

QER | Structures | Inherite | Workdesk

This configuration parameter specifies whether workdesks can inherit through primary assignments.

QER | Structures | Inherite | Workdesk | FromDepartment

This configuration parameter specifies whether workdesks inherit assignments from their primary department (Workdesk.UID_Department).

QER | Structures | Inherite | Workdesk | FromLocality

This configuration parameter specifies whether workdesks inherit assignments from their primary location (Workdesk.UID_Locality).

QER | Structures | Inherite | Workdesk | FromProfitCenter

This configuration parameter specifies whether workdesks inherit assignments from their primary cost center (Person.UID_ProfitCenter).

Appendix: Configuration parameters for managing employees

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 77: Configuration parameter

Configuration parameter

Description

QER | Person

If this configuration parameter is set, employee administration is supported.

QER | Person | CentralAccountGlobalUnique

This configuration parameter specifies how the central user account is mapped.

If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems.

If the configuration parameter is not set, it is only formed uniquely related to the central user accounts of all employees.

QER | Person | DefaultMailDomain

This configuration parameter contains the default mail domain. The value is used to establish an employee's email address.

Person | MasterIdentity | UseMasterForAuthentication

This configuration parameter specifies whether the main identity should be used to log in to One Identity Manager tools through an employee linked authentication module.

If this parameter is set, the main identity is used for employee linked authentication. If the parameter is not set, the subidentity for employee-linked authentication is used.

QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery

This configuration parameter defines whether the password questions user for a successful password reset become invalid after they are used.

QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions

This configuration parameter determines the number of password questions that an employee has to define in order to change their password.

QER | Person | PasswordResetAuthenticator | QueryAnswerRequests

This configuration parameter determines the number of password questions that an employee has to answer in order to change their password.

QER | Person | PasswordResetAuthenticator | PasscodeSplit

This parameter determines whether an access code generated by the helpdesk is split into two components, one for the helpdesk and one for the employee's manager.

QER | Person | TemporaryDeactivation

This configuration parameter controls the behavior between employees and user accounts if employees are temporarily inactivated.

If the configuration parameter is set, the employee’s user accounts are locked if the employee is permanently or temporarily disabled.

If the configuration parameter is not set, the employee’s properties do not have any effect on the associated user accounts.

QER | Person | UseCentralPassword

This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated.

QER | Person | UseCentralPassword | PermanentStore

This configuration parameter controls the storage period for central passwords. If the configuration parameter is enabled, the central password is stored in the One Identity Manager database and is used for new users. If the configuration parameter is disabled, the central password is deleted from the One Identity Manager database following publishing to the existing user accounts. The central password is not available for new user accounts.

QER | Person | UseCentralPassword | SyncToSystemPassword

This configuration parameter defines whether the employee's central password is copied to the employee's system user password.

SysConfig

If this configuration parameter is set, you can configure general settings for system behavior.

SysConfig | Display

If the configuration parameter is set, user interface design is supported.

SysConfig | Display | SourceDetective

Preprocessor relevant configuration parameter for controlling how the source of an employee's entitlements are displayed. Changes to this parameter require the database to be recompiled.

Related Documents