Chat now with support
Chat with Support

Identity Manager 9.2.1 - Target System Base Module Administration Guide

Basic mechanisms for identity and user account administration The Unified Namespace

Identity's central user account

The identity’s central user account is used to form the user account login name in the active system. The central user account is still used for logging into the One Identity Manager tools.

In the One Identity Manager default installation, the central user account is made up of the first and the last name of the identity. If only one of these is known, then it is used for the central user account. There is always a check to see if a central user account with that value already exists. If this is the case, an incremental number is added to the end of the value.

Table 2: Example of forming of central user accounts
First name Last name Central user account

Alex

 

ALEX

 

Miller

MILLER

Alex

Miller

ALEXM

Alex

Meyer

ALEXM1

Use the QER | Person | CentralAccountGlobalUnique configuration parameter to define how to map the central user account.

  • If this configuration parameter is set, the central user account for an identity is formed uniquely in relation to the central user accounts of all identities and the user account names of all permitted target systems.

  • If the configuration parameter is not set, it is only formed uniquely related to the central user accounts of all identities. This is the default.

Related topics

Identity's default email address

The identity’s default email address is displayed on the mailboxes in the activated target system. In the One Identity Manager default installation, the default email address is formed from the identity’s central user account and the default mail domain of the active target system.

The default mail domain is determined using the QER | Person | DefaultMailDomain configuration parameter.

  • In the Designer, set the configuration parameter and enter the default mail domain name as a value.

Related topics

Changing identities' main data

The following covers only the main data that affects the user account of an identity with the Full managed manage level if it is changed in the One Identity Manager default installation.

General changes

General changes refer to data changes relating to an identity’s telephone number, fax number, mobile telephone, street, postal, or ZIP code. This process changes the data in the target system to which the identities are assigned, assuming this data is mapped in the respective target systems.

Changing an identity’s name

Changes to an identity’s name influence how an identity’s central user account is set up. The central user account is made up of the first and last names according to the formatting rules. The central user account is used as a template for formatting user account login names in some target systems. When a user account is added, other overriding formatting rules control how, for example, the home and profile directories are formatted up from the central user account.

Identity job rotation inhouse

Job rotation is affected by changes to the company data location or department. In One Identity Manager, the administrative tasks for changing the target system specific IT operating data, for example, domains, home servers, or profile servers, are automated. There are other sub-processes for each target system due to system-dependent differences in the actions necessary for changing departments.

Related topics

Templates and processes for implementing account definitions

Only user account properties used in the script template TSB_ITDataFromOrg are available. Create custom templates using this script if you want to use different or additional properties than those in the default installation.

In the One Identity Manager default installation there is one process per target system type for creating user accounts through account definitions. These can be used as templates for the company-specific implementation of the method.

NOTE: Processes are defined in the One Identity Manager modules and are not available until the modules are installed.

The name of the process is formatted as follows:

<MMM>_PersonHasTSBAccountDef_Autocreate_<user account table>

where:

<MMM> = module ID

<user account table> = Table, in which the user account of the target system type is mapped.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating