To assign an account definition directly to identities
1. In One Identity Manager, select the Epic healthcare| Basic configuration data | Account definitions | Account definitions category.
2. Select an account definition in the result list.
3. Select the Assign to identities task.
4. Assign identities in Add assignments.
NOTE: In Remove assignments, you can remove the assignment of identities. To remove an assignment, select the identity and double-click .
5. Save the changes.
Installed modules: System Roles Module
NOTE: Account definitions with the Only use in IT Shop option can only be assigned to system roles that also have this option set.
To add account definitions to a system role
1. In One Identity Manager, select the Epic healthcare| Basic configuration data | Account definitions | Account definitions category.
2. Select an account definition in the result list.
3. Select the Assign system roles task.
4. Assign system roles in Add assignments.
NOTE: In Remove assignments, you can remove the assignment of system roles. To remove an assignment, select the system role and double-click .
5. Save the changes
A account definition can be requested by shop customers when it is assigned to an IT Shop shelf. To ensure it can be requested, further prerequisites need to be guaranteed.
• The account definition must be labeled with the IT Shop option.
• The account definition must be assigned to a service item.
NOTE: In the Web Portal, all products that can be requested are grouped together by service category. To make the account definition easier to find in the Web Portal, assign a service category to the service item.
• If the account definition is only assigned to identities using IT Shop assignments, you must also set the Only for use in IT Shop option. Direct assignment to hierarchical roles may not be possible.
NOTE: IT Shop administrators can assign account definitions to IT Shop shelves if login is role-based. Target system administrators are not authorized to add account definitions in the IT Shop.
To add an account definition to the IT Shop
1. In One Identity Manager, select the Epic healthcare| Basic configuration data | Account definitions | Account definitions (non role-based login) category.
- OR -
In One Identity Manager, select the Entitlements | Account definitions (role-based login) category.
2. Select an account definition in the result list.
3. Select the Add to IT Shop task.
4. Assign the account definitions to the IT Shop shelves in Add assignments.
5. Save the changes.
To remove an account definition from individual IT Shop shelves
1. In One Identity Manager,, select the Epic healthcare| Basic configuration data | Account definitions | Account definitions (non role-based login) category.
- OR -
In One Identity Manager, select the Entitlements | Account definitions (role-based login) category.
2. Select an account definition in the result list.
3. Select the Add to IT Shop task.
4. Remove the account definitions from the IT Shop shelves in Remove assignments.
5. Save the changes.
To remove an account definition from all IT Shop shelves
1. In One Identity Manager, select the Epic healthcare | Basic configuration data | Account definitions | Account definitions (non role-based login) category.
- OR -
In One Identity Manager, select the Entitlements | Account definitions (role-based login) category.
2. Select an account definition in the result list.
3. Select the Remove from all shelves (IT Shop) task.
4. Confirm the security prompt with Yes.
5. Click OK.
The account definition is removed from all shelves by One Identity Manager Service. All requests and assignment requests with this account definition are canceled in the process.
Related topics
The following prerequisites must be fulfilled if you implement automatic assignment of user accounts and identities resulting in administered user accounts.
• The account definition is assigned to the target system.
• The account definition has the default manage level.
User accounts are only linked to the identity (Linked state) if no account definition is given. This is the case on initial synchronization, for example.
To assign the account definition to a target system
1. In One Identity Manager, select the connection in the Epic healthcare | Connections.
2. Select the Change master data task.
3. Select the account definition for user accounts from the Account definition (initial) menu.
4. Save the changes.
Related topics