Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Identity Manager 9.2 - Web Portal User Guide

General tips and getting started Managing reports Requests
Setting up and configuring request functions Requesting products Managing the Saved for Later list Pending requests Displaying request history Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying requests Undoing approvals Managing request inquiries directed at you
Attestation
Managing attestations Pending attestations Displaying attestation history Managing attestation inquiries directed at you
Compliance Managing risk index functions Responsibilities
My responsibilities
Managing my departments Managing my application roles Managing my devices Managing my business roles Managing my identities Managing my cost centers Managing my multi-request resources Managing my multi requestable/unsubscribable resources Managing my resources Managing my software applications Managing my locations Managing my system entitlements Managing my system roles Managing my assignment resources
Managing task delegations Ownerships
Managing data
Managing departments Managing user accounts Managing business roles Managing identities Managing cost centers Managing multi-request resources Managing multi requestable/unsubscribable resources Managing resources Managing locations Managing system entitlements Managing system roles Managing assignment resources
Opening other web applications Managing tickets Appendix: Attestation conditions and approval policies from attestation procedures

Analyzing assignments to my locations

You can display how a location assignment under your responsibility came about by displaying an assignment analysis for the corresponding membership.

To display the assignment analysis for a membership

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click IdentitiesLocations.

  3. On the Locations page, click the location whose memberships you want to display.

  4. In the Edit Location pane, click the Memberships tab.

  5. On the Memberships tab, click Secondary memberships.

  6. Click the membership to display its assignment analysis.

Adding identities to my locations

You can assign identities to locations for which you are responsible.

The following assignment options are available:

To assign an identity to a location using a request

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click IdentitiesLocations.

  3. On the Locations page, click the location to which you want to add an identity.

  4. In the Edit Location pane, click the Memberships tab.

  5. On the Memberships tab, click Secondary memberships.

  6. Click Request memberships.

  7. In the Request Memberships pane, next to the identity to which you want to assign the location, select the check box.

  8. Click Request memberships.

  9. Close the Edit Location pane.

  10. In the menu bar, click Requests > Shopping cart.

  11. On the Shopping Cart page, click Submit.

    Once the request has been granted approval, the identity is assigned to the location.

To add members automatically through a dynamic role

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click IdentitiesLocations.

  3. On the Locations page, click the location for which you want to create a dynamic role.

  4. In the Edit Location pane, click the Memberships tab.

  5. On the Memberships tab, click Automatic memberships.

  6. Click Create dynamic role.

  7. Use conditions to specify which identities to add over the dynamic role. Perform the following actions to do this:

    1. Click Add condition.

    2. In the Property menu, select the relevant property.

    3. In the Operator menu, select a logical operator.

    4. In the final field, specify a comparison value.

    5. (Optional) To add another condition, click Add another condition and repeat the steps.

    6. (Optional) To change the way the conditions are linked, you can toggle between And and Or by clicking the link.

    TIP: To remove a condition, click (Delete).

    For more information about customizing filter conditions, see Custom filter conditions.

  8. Click Save.

  9. (Optional) In the Calculation schedule menu, select the schedule that specifies when memberships are calculated.

  10. (Optional) To calculate memberships immediately after a relevant object is changed, select the Assignments recalculated immediately check box.

  11. Click Save.

TIP: A membership that was created through a dynamic role is labeled as Assigned by dynamic role in the memberships list.

To re-add an excluded member

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click IdentitiesLocations.

  3. On the Locations page, click the location to which you want to re-add a member.

  4. In the Edit Location pane, click the Memberships tab.

  5. On the Memberships tab, click Excluded members.

  6. Select the check box next to the identity you want to add again as a member.

  7. Click Remove exclusion.

Related topics

Removing identities from my locations

You can remove locations from identities, for which you are responsible, by deleting or unsubscribing the relevant memberships.

To remove a location from an identity

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click IdentitiesLocations.

  3. On the Locations page, click the location that has a membership you want to delete.

  4. In the Edit Location pane, click the Memberships tab.

  5. Next to the membership you want to delete, select the check box.

  6. Click Remove.

  7. (Optional) In the Remove Memberships pane, perform the following:

    • For assignment requests: In the Reason for unsubscribing the membership field, enter why you want to remove the membership.

    • For memberships assigned through dynamic roles: In the Reason for excluding the members field, enter why you want to delete the memberships.

  8. Click Remove memberships.

    TIP: If you only selected direct memberships, confirm the prompt in the Remove Membership dialog with Yes.

Managing my locations' entitlements

Identities can be assigned entitlements to different objects, such as, groups, accounts, roles, or applications. By assigning entitlements to locations you avoid having to assign entitlements separately to each identity because all the identities are automatically assigned to the locations.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating