Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Identity Manager 9.0 LTS - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface environments Synchronizing a cloud application in the Universal Cloud Interface
Setting up initial synchronization with a cloud application in the Universal Cloud Interface Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Provisioning object changes Managing cloud user accounts and employees Managing assignments of cloud groups and system entitlements Login information for cloud user accounts Mapping cloud objects in One Identity Manager
Cloud target systems Container structures Cloud user accounts Cloud groups Cloud system entitlements Cloud permissions controls Reports about objects in cloud target systems
Handling cloud objects in the Web Portal Basic data for managing a Universal Cloud Interface environment Configuration parameters for managing cloud target systems Default project template for cloud applications in the Universal Cloud Interface

Assigning cloud user account directly to cloud system entitlements

To react quickly to special requests, you can assign the system entitlements directly to user accounts. You cannot directly assign system entitlements that have the Only use in IT Shop option set.

To assign user accounts directly to a system entitlement

  1. In the Manager, select the Cloud target systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 3 category.

  2. Select the system entitlement in the result list.

  3. Select the Assign user accounts task.

  4. In the Add assignments pane, assign the user accounts.

    TIP: In the Remove assignments pane, you can remove assigned user accounts.

    To remove an assignment

    • Select the user account and double-click .

  5. Save the changes.
Related topics

Assigning cloud groups directly to cloud user accounts

Cloud groups can be assigned directly or indirectly to a user account. Indirect assignment is carried out by allocating the employee and groups in hierarchical roles, such as departments, cost centers, locations, or business roles. If the employee has a cloud user account, cloud groups in the hierarchical roles are inherited by this user account.

To assign groups directly to user accounts

  1. In the Manager, select the Cloud Target Systems > target system > User accounts category.

  2. Select the user account in the result list.

  3. Select the Assign cloud groups and system entitlements task.

  4. Select the Cloud Groups tab.

  5. In the Add assignments pane, assign the groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  6. Save the changes.

NOTE: The primary group of a user account is already assigned and is marked as Does not apply yet. Edit the user account's main data to change its primary group.

Related topics

Assigning cloud system entitlements directly to cloud user accounts

To react quickly to special requests, you can assign system entitlements directly to a user account. You cannot directly assign system entitlements that have the Only use in IT Shop option set.

To assign system entitlements directly to a user account

  1. In the Manager, select the Cloud Target Systems > target system > User accounts category.

  2. Select the user account in the result list.

  3. Select the Assign cloud groups and system entitlements task.

  4. Select the Cloud system entitlements 1 tab.

    - OR -

    Select the Cloud system entitlements 2 tab.

    - OR -

    Select the Cloud system entitlements 3 tab.

  5. In the Add assignments pane, assign the system entitlements.

    TIP: In the Remove assignments pane, you can remove system entitlement assignments.

    To remove an assignment

    • Select the system entitlement and double-click .

  6. Save the changes.
Related topics

Assigning default profiles to user accounts in Salesforce applications

Cloud applications such as Salesforce require a system entitlement with a specific type to be already assigned when new user accounts are created. To this purpose, a default profile is automatically assigned to cloud user accounts when they are created in One Identity Manager.

Prerequisites
  • Synchronization of a cloud application with the SCIM connector is set up in Universal Cloud Interface. When creating the synchronization project, the target product One Identity Starling Connect was selected and the One Identity Starling Connect synchronization project template was used.

  • The target system was initially synchronized.

  • Cloud application synchronization is set up in Cloud Systems Management Module.

  • The cloud target system was initially synchronized.

  • In the canonical name or display name of the cloud target system, the string Salesforce is used.

  • There is a Cloud system entitlement 2 to be used as the default profile. The system entitlement name is entered for this system entitlement (CSMGroup2.GroupName).

To change the default profile for new user accounts

  • In the Designer, edit the value of the TargetSystem | CSM | ApplicationType | Salesforce | DefaultProfileName configuration parameter and enter the name of the system entitlement 2, which is then assigned automatically to all new user accounts.

NOTE: By default, the mapping in Universal Cloud Interface is transferred to the cloud application by the vrtProfileFirst profiles~value property mapping rule in the user mapping. If the default profile in the cloud application is stored in a different schema property, adjust the property mapping rule accordingly.

TIP: If you do not want a default profile to be automatically assigned to new user accounts, disable the TargetSystem | CSM | ApplicationType | Salesforce | DefaultProfileName configuration parameter in the Designer.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating