
Identity Manager 9.1.2 - Authorization and Authentication Guide


Application roles for business roles

NOTE: This application role is available if the Business Roles Module is installed.

The following application roles are available for the administration of business roles:

Table 7: Application roles for business roles
Application role Description

Administrators

Administrators must be assigned to the Identity Management | Business roles | Administrators application role.

Users with this application role:

  • Create and edit business roles.

  • Assign company resources to business roles.

  • Attest business roles' main data.

  • Administrate application roles for role approvers, role approvers (IT), and attestors.

  • Set up other application roles as required.

Additional managers

The additional managers must be assigned to the Identity Management | Business roles | Additional managers application role or to a child application role.

Users with this application role:

  • Have permission to manage business roles.

Attestors

Attestors must be assigned to the Identity Management | Business roles | Attestors application role or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to business roles for which they are responsible.

  • Can view main data for these business roles but not edit them.

NOTE: This application role is available if the Attestation Module is installed.

Role approver

Approvers must be assigned to the Identity Management | Business roles | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.

  • Approve requests from business roles for which they are responsible.

Role approver (IT)

IT role approvers must be assigned to the Identity Management | Business roles | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.

  • Approve requests from business roles for which they are responsible.

Application roles for organizations

NOTE: This application role is available if the Identity Management Base Module is installed.

The following application roles are available for the administration of departments, cost centers and locations:

Table 8: Application roles for organizations
Application role Description

Administrators

Administrators must be assigned to the Identity Management | Organizations | Administrators application role.

Users with this application role:

  • Set up and edit departments, cost centers, and locations.

  • Assign company resources to departments, cost centers, and locations.

  • Attest the main data of departments, cost centers, and locations.

  • Administrate application roles for role approvers, role approvers (IT), and attestors.

  • Set up other application roles as required.

Additional managers

The additional managers must be assigned to the Identity Management | Organizations | Additional managers application role or to a child application role.

Users with this application role:

  • Have permission to manage departments, cost centers and locations.

Attestors

Attestors must be assigned to the Identity Management | Organizations | Attestors application role or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to departments, cost centers, and locations for which they are responsible.

  • Can view main data for departments, cost centers, and locations but cannot edit them.

NOTE: This application role is available if the Attestation Module is installed.

Role approver

Role approvers must be assigned to the Identity Management | Organizations | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.

  • Approve requests from departments, cost centers, and locations for which they are responsible.

Role approver (IT)

IT role approvers must be assigned to the Identity Management | Organizations | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.

  • Approve requests from departments, cost centers, and locations for which they are responsible.

Application role for application roles

NOTE: This application role is available if the Identity Management Base Module is installed.

The following application role is available for application role administration.

Table 9: Application roles for organizations
Application role Description

Additional managers

The additional managers must be assigned to the Identity Management | Application roles | Additional managers application role or to a child application role.

Users with this application role:

  • Have permission to manage application roles.

Application for employee administrators

NOTE: This application role is available if the Identity Management Base Module is installed.

The following application role is available for employee administration:

Table 10: Application roles for employees
Application role Description

Administrators

Employee administrators must be assigned to the Identity Management | Employees | Administrators application role.

Users with this application role:

  • Can edit main data for all employees.

  • Assign managers to employees.

  • Can assign company resources to employees.

  • Check and authorize employee main data.

  • Create and edit risk index functions.

  • Edit password policies for employee passwords.

  • Delete employees' security keys (WebAuthn).

  • Can see everyone's requests, attestations, and delegations and edit delegations in the Web Portal.
