Identity Manager On Demand Hosted - Identity Management Base Module Administration Guide

Reports about departments, cost centers, and locations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for departments, cost centers, and locations.

NOTE: Other sections may be available depending on which modules are installed.

Table 24: Reports about departments, cost centers, and locations
| Report | Description |
|---|---|
| Overview of all assignments | This report finds all the roles in which employees from the selected department, cost center, or location are also members. |
| Data quality of department members (cost center members) | This report evaluates the data quality of employee data records. It takes all employees in the department or cost center into account. |
| Show historical memberships | This report lists all members of the selected department, cost center, or location and the duration of their membership. |
| Employees per department | This report contains the number of employees per department. The primary and secondary assignments to organizations are taken into account. You can find this report in the Manager in the My One Identity Manager category. |
| Employees per cost center | This report contains the number of employees per cost center. The primary and secondary assignments to organizations are taken into account. You can find this report in the Manager in the My One Identity Manager category. |
| Employees per location | This report contains the number of employees per location. The primary and secondary assignments to organizations are taken into account. You can find this report in the Manager in the My One Identity Manager category. |

Employee administration

The main component of One Identity Manager maps employees with their main data and all available company resources. IT resources, such as devices, software, and access permissions in various target systems, qualify as company resources. Resources such as mobile telephones, company cars, or keys can be mapped to employees, as well.

Employees obtain company resources according to their function and their position within the company structure. Company structures, such as departments, cost centers, and locations, are also mapped in One Identity Manager, as are employee memberships in these company structures. Once company resources are assigned to the company structures, they are inherited by all the members. This way, employees are automatically supplied with all the necessary company resources.

If you manage access permissions on all One Identity Manager tools using the application role, you obtain all of the information about current access permissions and employee responsibilities with One Identity Manager.

One Identity Manager components for managing employees are available when the QER | Person configuration parameter is set.

  • In the Designer, check if the configuration parameter is set. If not, set the configuration parameter.

One Identity Manager users for employee administration

The following users are used for employee administration.

Table 25: Users
Users Tasks

Employee administrators

Employee administrators must be assigned to the Identity Management | Employees | Administrators application role.

Users with this application role:

  • Edit main data for all employees.

  • Assign managers to employees.

  • Assign company resources to employees.

  • Check and authorize employee main data.

  • Create and edit risk index functions.

  • Edit password policies for employee passwords.

  • Delete employees' security keys (WebAuthn).

  • See everyone's requests, attestations, and delegations and edit delegations in the Web Portal.

Employee managers

The Base roles | Employee managers application role is automatically assigned to a user if the user is a manager or supervisor of employees, departments, locations, cost centers, business roles, or IT Shops.

Users with this application role:

  • Can edit main data for the objects they are responsible for and assign company resources to them.

  • Can edit new employees added in the Web Portal and edit the main data of their staff.

  • Can add their staff members to the IT Shop.

  • Can view their staff's compliance rule violations in the Web Portal.

  • Can create delegations for their staff in the Web Portal.

  • Can see and edit their staff's delegations in the Web Portal.

Members of this application role are determined through a dynamic role.

One Identity Manager administrators

One Identity Manager administrator and administrative system users. Administrative system users are not added to application roles.

One Identity Manager administrators:

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.

Basic data for employee main data

The following basic data is required for managing employees.

  • Configuration parameter

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data > General > Configuration parameters category.

  • Business Partners

    When external employees are entered into the system, a company must be named.

  • Mail templates

    The login data for new user accounts in a target system can be sent to a specified person by email. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.

  • Password policy

    With the appropriate configuration, an employee's central password is formed from the target system specific user accounts. The Employee central password policy defines the settings for the central password (Person.CentralPassword).
