Chat now with support
Chat with Support

Identity Manager 9.1 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Main data of exclude lists for dynamic roles

The following main data is displayed for an employee in the exclusion list of a dynamic role.

Table 6: Main data of exclude lists for dynamic roles

Property

Description

Employee

Unique identifier of the excluded employee.

Description

Reason for excluding the employee. If the employee is excluded because attestation was denied or due to a rule violation, a standard reason is entered here.

Condition not applicable

Specifies whether the dynamic role condition applies to the excluded person. If the option is disabled, the condition applies.

TIP: If the option is enabled, the employee can be removed from the exclusion list. For more information, see Removing employees from the exclusion list.

Not assigned by dynamic role

Specifies whether the excluded employee is still assigned to the role by another way.

Employees can, in addition, also become members of the role directly or by assignment request or delegation. The exclusion list does not influence these assignments.

Related topics

Displaying the dynamic role overview

You can see the most important information about a dynamic role on the overview form.

To obtain an overview of a dynamic role

  1. In the Manager, select the role for which the dynamic role was created. The department, for example.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Dynamic role overview task.

  5. Select the report Show overview.

    The report provides a summary of key information about a dynamic role, including the schedule, excluded employees, and recalculation properties.

Main data for dynamic roles

Enter the following data for a dynamic role.

Table 7: Dynamic role main data
Property Description

Role/Organization

Role (department, cost center, location, business role, IT Shop node, application node) referenced by the dynamic role. This data is preset with the selected role.

Object class

Object class that the dynamic role applies to. Choose between Person, Hardware, and Workdesk.

NOTE: The combination of object class and role must be unique. It is not possible that two dynamic roles from the same object class to refer to one role.

Dynamic role

Name of the dynamic role.

Calculation schedule

Schedule, which triggers cyclical recalculation of the role membership.

To create a schedule, click . Enter the schedule's main data.

Description

Text field for additional explanation.

Condition

Defines which objects of the object class become members of the selected role. For more information, see Tips about conditions for dynamic roles.

For more information, see Tips about conditions for dynamic roles.

No recalculation of assignments

Specifies whether to recalculate memberships. If the option is enabled, role memberships will not be recalculated automatically. Existing role memberships remain as they are.

Immediate recalculation of assignments

Specifies whether the dynamic role is recalculated if changes are made to specified properties. If the option is enabled, specify the properties for recalculation.

Recalculation property: Property

Property whose change triggers an immediate recalculation of the dynamic role.

Recalculation property: Disabled

Specifies whether immediate recalculation of the property is disabled.

Related topics

Departments, cost centers, and locations

Departments, cost centers, locations, and business roles are each mapped to their own hierarchy under Organizations. This is due to their special significance for daily work schedules in many companies. Various company resources can be assigned to organizations, for example, permissions in different SAP systems or Azure Active Directory tenants. You can add employees to single roles as members. Employees obtain their company resources through these assignments when the One Identity Manager is appropriately configured.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating