Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Identity Manager 9.1 - Administration Guide for Integration with OneLogin Cloud Directory

Integration with OneLogin Cloud Directory Synchronizing a OneLogin domain
Setting up initial synchronization with a OneLogin domain Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing OneLogin user accounts and employees Managing memberships in OneLogin roles Login information for OneLogin user accounts Mapping OneLogin objects in One Identity Manager Handling of OneLogin objects in the Web Portal Base data for OneLogin domains Configuration parameters for managing OneLogin domains Default template for OneLogin domains Editing OneLogin system objects OneLogin connector settings

Defining categories for the inheritance of entitlements

In One Identity Manager, user accounts can selectively inherit roles. To do this, the roles and user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The mapping rule contains different tables. Use the user account table to specify categories for target system dependent user accounts. In the other tables, enter your categories for the roles. Each table contains the category positions position 1 to position 63.

To define a category

  1. In the Manager, select the domain in the OneLogin > Domains category.

  2. Select the Change main data task.

  3. Switch to the Mapping rule category tab.

  4. Extend the relevant roots of a table.

  5. To enable the category, double-click .

  6. Enter a category name of your choice for user accounts and entitlements in the login language that you use.

  7. Save the changes.
Detailed information about this topic

Editing the synchronization project for a OneLogin domain

Synchronization projects in which a domain is already used as a base object can also be opened in the Manager. You can, for example, check the configuration or view the synchronization log in this mode. The Synchronization Editor is not started with its full functionality. You cannot run certain functions, such as, running synchronization or simulation, starting the target system browser and others.

NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.

To open an existing synchronization project in the Synchronization Editor:

  1. In the Manager, select the OneLogin > Domains category.

  2. Select the domain in the result list. Select the Change main data task.

  3. Select the Edit synchronization project task.

Related topics

Displaying the OneLogin domain overview

Use this task to obtain an overview of the most important information about a domain.

To obtain an overview of a domain

  1. In the Manager, select the OneLogin > Domains category.

  2. Select the domain in the result list.

  3. Select the OneLogin domain overview task.

OneLogin user accounts

You can use One Identity Manager to manage OneLogin user accounts. A user can login in to a domain with a user account and obtain group memberships and access permissions to the applications.

A user account can be linked to an employee in One Identity Manager. You can also manage user accounts separately from employees.

NOTE: It is recommended to use account definitions to set up user accounts for company employees. In this case, some of the main data described in the following is mapped through templates from employee main data.

NOTE: If employees are to obtain their user accounts through account definitions, the employees must own a central user account and obtain their IT operating data through assignment to a primary department, a primary location, or a primary cost center.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating