Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 9.0 LTS - Identity Management Base Module Administration Guide

Table of Contents

Basics for mapping company structures in One Identity Manager

Hierarchical role structure basic principles

Inheritance directions within a hierarchy Discontinuing inheritance

Basic principles for assigning company resources

Direct company resource assignments Indirect company resource assignments

Secondary assignment Primary assignment

Assigning company resources through dynamic roles Assigning company resources through IT Shop requests

Basics of calculating inheritance

Calculating inheritance by hierarchical roles Calculation of assignments

Preparing hierarchical roles for company resource assignments

Possible assignments of company resources through roles Permitting assignments of employees, devices, workdesks, and company resources to roles Blocking inheritance using roles Preventing employees, devices, or workdesks from inheriting individual roles Preventing inheritance to individual employees, devices, or workdesks Inheritance exclusion: Specifying conflicting roles

Creating and editing dynamic roles Tips about conditions for dynamic roles Testing dynamic role conditions Calculating role memberships for dynamic roles

Schedules for calculating dynamic roles

Creating and editing dynamic role schedules Starting dynamic role schedules immediately Assigning dynamic roles to schedules

Calculating dynamic roles immediately if objects change

Editing properties for immediate recalculation

Calculating role memberships for dynamic roles immediately Excluding dynamic roles from recalculation

Excluding employees from dynamic roles

Removing employees from the exclusion list Main data of exclude lists for dynamic roles

Displaying the dynamic role overview Main data for dynamic roles

Departments, cost centers, and locations

One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations

Role classes for departments, cost centers, and locations

Assigning role types to role classes for departments, cost centers, and locations

Role types for departments, cost centers, and locations

Creating role types for departments, cost centers, and locations Assigning role classes to role types for departments, cost centers, and locations

Functional areas for departments, cost centers, and locations Attestors for departments, cost centers, and locations Approvers and approvers (IT) for departments, cost centers, and locations

Creating and editing departments

General main data for departments Contact data for departments Functional area and risk assessment for departments

Creating and editing cost centers

General main data for cost centers Functional area and risk assessment for cost centers

Creating and editing locations

General main data for locations Location address information Configuring location networks Directions to location Functional area and risk assessment for locations

Setting up IT operating data for departments, cost centers, and locations

Modify IT operating data

Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Reports about departments, cost centers, and locations

Employee administration

One Identity Manager users for employee administration Basic data for employee main data

Creating and editing business partners for external employees Mail templates for notifications about employees

Creating and editing mail definitions for employees Base object for mail templates about employees Editing mail templates for employees

Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities

Employee identity types

Password policies for employees

Predefined password policies Applying employee password policies Changing the password policy for password columns Assigning password policies to departments, cost centers, locations, and business roles Editing password policies for employees Creating password policies for employees General main data for password policies Password policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Defining the excluded list for passwords Checking employee passwords Generating passwords for testing employees Informing employees about expiring passwords Displaying locked employees and system users

Creating and editing employees

General employee main data Organizational employee main data Address data for employees Miscellaneous employee main data

Disabling and deleting employees

Temporarily deactivating employees Permanently deactivating employees Reactivate permanently deactivated employees Deferred deletion of employees

Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees

Assigning employees to departments, cost centers, and locations Assigning employees to business roles Adding employees to IT Shop custom nodes Assigning application roles to employees Assigning resources directly to employees Assigning software directly to employees Assigning system roles directly to employees Assigning subscribable reports directly to employees

Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports

Managing devices and workdesks

Basic data for device admin

Creating and editing device models

General main data for device models Inventory data for device models

Creating and editing business partners Creating and editing device statuses Creating and editing workdesk statuses Creating and editing workdesk types

Creating and editing devices

General main data for devices Device networking data

Assigning company resources to devices

Assigning devices to departments, cost centers, and locations Assigning devices to business roles

Displaying the device overview Entering service agreements and calls for devices Creating and editing workdesks

General main data of workdesks Location information for workdesks Additional information for workdesks

Assigning company resources to workdesks

Assigning workdesks to departments, cost centers, and locations Assigning workdesks to business roles Assigning software directly to workdesks Assigning system roles directly to workdesks

Displaying the workdesk overview Assigning devices to workdesks Assigning workdesks to employees Entering calls for workdesks Asset data for devices

Creating and editing asset classes for devices Creating and editing asset types for devices Entering investments and investment plans for devices Editing device asset data

Main data for devices' asset data Commercial data for devices

Managing resources

One Identity Manager users for managing resources Basic data for resources

Creating and editing resources Main data for resources Assigning resources to employees

Assigning resources to departments, cost centers, and locations Assigning resources to business roles Assigning resources directly to employees Adding resources to the IT Shop Adding resources in system roles

Displaying the resources overview Assigning extended properties to resources Creating and editing multi-request resources

Main data for multi-request resources

Assigning multi-request resources to employees Adding multi-request resources to the IT Shop Displaying the multi-request resource overview Reports about resources

Setting up extended properties

One Identity Manager users for managing extended properties Creating property groups for extended properties Creating and editing extended properties Main data for extended properties Assigning extended properties to property groups Assigning additional property groups to extended properties Specifying scope limits for extended properties Displaying the extended properties overview Assigning objects to extended properties

Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Reports about resources

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for resources.

NOTE: Other sections may be available depending on the which modules are installed.

Table 65: Reports about resources
Report	Description
Overview of all assignments	This report finds all roles containing employees with the selected resource.

Related topics

Analyzing role memberships and employee assignments

Setting up extended properties

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager. You can assign extended properties to company resources, hierarchical roles, and employees. They can, for example, be used in the rule conditions of compliance rules.

To assign extended properties

First, set up a property group, under which the extended properties will be grouped.
Set up the extended properties in the property group.
Assign the extended properties to the objects.

There can be any number of objects of different object types assigned to an extended property at this point.

Detailed information about this topic

One Identity Manager users for managing extended properties

The following users are used for managing extended properties.

Table 66: Users
Users	Tasks
Administrators for the IT Shop	Administrators must be assigned to the Request & Fulfillment \| IT Shop \| Administrators application role. Users with this application role: Create extended properties for company resources of any type.
One Identity Manager administrators	One Identity Manager administrator and administrative system users Administrative system users are not added to application roles. One Identity Manager administrators: Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required. Create system users and permissions groups for non role-based login to administration tools in the Designer as required. Enable or disable additional configuration parameters in the Designer as required. Create custom processes in the Designer as required. Create and configure schedules as required. Create and configure password policies as required.

Creating property groups for extended properties

Property groups are used to group extended properties. Each extended property must be assigned to at least one property group. Furthermore, you can assign the extended properties to any other property groups.

To create a property group

In the Manager, select the Entitlements > Basic configuration data > Extended properties category.
Click in the result list.
Enter a name and description for the property group.
Save the changes.

Related topics

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center