Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Identity Manager 9.0 LTS - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface environments Synchronizing a cloud application in the Universal Cloud Interface
Setting up initial synchronization with a cloud application in the Universal Cloud Interface Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Provisioning object changes Managing cloud user accounts and employees Managing assignments of cloud groups and system entitlements Login information for cloud user accounts Mapping cloud objects in One Identity Manager
Cloud target systems Container structures Cloud user accounts Cloud groups Cloud system entitlements Cloud permissions controls Reports about objects in cloud target systems
Handling cloud objects in the Web Portal Basic data for managing a Universal Cloud Interface environment Configuration parameters for managing cloud target systems Default project template for cloud applications in the Universal Cloud Interface

Cloud system entitlements

Groups and system entitlements represent the objects used in the cloud application to control access to the cloud resources. A user account obtains the necessary permissions to access cloud resources by assigning it to groups and system entitlements.

Detailed information about this topic
Related topics

Creating and editing cloud system entitlements

To create a system entitlement

  1. In the Manager, select the Cloud target systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 3 category.

  2. Click in the result list.

  3. On the main data form, edit the system entitlement's main data.

  4. Save the changes.

To edit the main data of a system entitlement:

  1. In the Manager, select the Cloud target systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Cloud target systems > <target system> > System entitlements 3 category.

  2. Select the system entitlement in the result list.

  3. Select the Change main data task.

  4. On the main data form, edit the system entitlement's main data.

  5. Save the changes.
Detailed information about this topic

General main data for system entitlements

Enter the following main data for a system entitlement.

Table 37: General main data of a system entitlement

Property

Description

Name

Name of the system entitlement.

Container

Container in which the system entitlement is added.

Target system

Cloud target system of the system entitlement.

Distinguished name

Distinguished name of the system entitlement.

Display name

The display name is used to display the system entitlement in the One Identity Manager tools' user interface.

System entitlement name

Additional identifier for the system entitlement.

Email address

E-mail address of the system entitlement.

Account manager

Employee responsible for the system entitlement.

To specify an account manager

  1. Click next to the field.
  2. In the Table menu, select the table that maps the account manager.
  3. In the Account manager menu, select the manager.
  4. Click OK.

IT Shop

Specifies whether the system entitlement can be requested through the IT Shop. If this option is set, the system entitlement can be requested by the employees through the Web Portal and distributed with a defined approval process. The system entitlement can still be assigned directly to user accounts and hierarchical roles.

For more information, see the One Identity Manager IT Shop Administration Guide.

Only for use in IT Shop

Specifies whether the system entitlement can only be requested through the IT Shop. If this option is set, the system entitlement can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the system entitlement to hierarchical roles or user accounts is not permitted.

Service item

Service item for requesting the system entitlement through the IT Shop.

Risk index

Value for evaluating the risk of assigning the system entitlement to user accounts. Set a value in the range 0 to 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is set.

For more information, see the One Identity Manager Risk Assessment Administration Guide.

Category

Category for inheriting system entitlements. System entitlements can be selectively inherited by user accounts. To do this, system entitlements and user accounts are divided into categories. Select one or more categories from the menu.

For more information, see the One Identity Manager Target System Base Module Administration Guide.

Description

Text field for additional explanation.

System entitlement type

Unique identifier of the system entitlement type. This is only required if different system entitlement types are recognized in the cloud application.

Resource type

Name of the resource type such as /Roles.

Detailed information about this topic

User-defined main data for cloud user accounts

You can find customized data for a system entitlements on the User defined tab.

Table 38: User-defined main data of a system entitlement
Property Description

Spare field no. 01- Spare field no. 05

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Spare date no. 01- Spare date no. 03

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Spare text no. 01- Spare text no. 05

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Spare option no. 01 - Spare option no. 05

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating