立即与支持人员聊天
与支持团队交流

Identity Manager 9.0 LTS - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Manually assigning user accounts to employees

The overview form displays all the employee’s user accounts. You should use account definitions as the default method for creating user accounts. For more information about account definitions, see the One Identity Manager Target System Base Module Administration Guide.

To react quickly to special requests, you can use the relevant tasks for assigning user accounts to manually assign a user account for an employee.

NOTE: The tasks for manually assigning user accounts to persons are defined in the One Identity Manager modules and are only available when the modules have been installed. For more information, see the target system guides.

Related topics

Entering calls for employees

NOTE: This function is only available if the Helpdesk Module is installed.

Enter the calls for employees through the Helpdesk Module. For more information about the help desk, see One Identity Manager Help Desk Module User Guide.

To enter help desk data for an employee

  1. In the Manager, select the Employees > Employees category.

  2. Select the employee in the result list.

  3. Select the Show calls task to display calls entered for an employee task.

  4. Select the New call task to enter a new call.

  5. Save the changes.

Assigning extended properties to employees

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To specify extended properties for a group

  1. In the Manager, select the Employees > Employees category.

  2. Select the employee in the result list.

  3. Select the Assign extended properties task.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .

  5. Save the changes.
Related topics

Employee reports

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects.The following reports are available for employees.

NOTE: Other sections may be available depending on the which modules are installed.

Table 41: Employee reports
Report Description

Entitlement Origins

The report shows an employee's entitlements and roles and the possible assignment methods.

Request history

The report provides you with an overview of each IT Shop request made by an employee. The report is divided into approved, canceled, denied, and pending requests. You can trace when and why each product was requested, renewed, or unsubscribed.

View completed requests by clicking on Show. In the approval history you can see the approval workflow, the results of each approval step and the approver. The Show button shows you the current approval status of pending requests.

Data quality of direct reports

This report evaluates the data quality of employee data records. All employees under supervision are taken into account.

Employees per department

This report contains the number of employee per department. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager.

Employees per cost center

This report contains the number of employee per cost center. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager.

Employees per location

This report contains the number of employee per location. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager.

Data quality summary for employee records

The report contains different analyzes of data quality for all employees. You can find this report in My One Identity Manager.

Access overview at specific point-in-time

This report contains detailed information about personal and organizational data as well as an overview of the company resources that the employee owned at a specific point-in-time. This includes all assigned user accounts, system entitlements, roles, account definitions, resources, and software.

Attestation cases

The report shows completed and pending attestation cases for which the person was identified as the attestor. If the employee is logged in to the Manager, they can use the report to grant or deny attestation case approval. Use Approve or Deny to grant or deny approval. Enter the reason in Approval reason and click on the Carry out approval button. If a report has been defined for the attestation instance, you can view it using the Show report button in the column.

Use the Show attestation history task to display each step in the attestation case. This allows you to track the chronological sequence and approvals in the attestation case. The attestation history is displayed for pending and closed attestations.

NOTE: This report is available if the Attestation Module exists.

Overview with roles and user accounts

The report contains detailed information about personal and organizational data as well as user accounts, roles, and entitlements currently assigned to the employee.

You can decide whether to include dependent identities in the report.

Overview with roles and user accounts (including history)

The report contains detailed information about personal and organizational data as well as user accounts, roles, and entitlements currently assigned to the employee including historical data.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

You can decide whether to include dependent identities in the report.

NOTE: This report is available if the Target System Base Module exists.

Direct reports overview

The report shows all employees that report directly. This displays detailed information about personal and organizational data as well as current user accounts, roles, and entitlements.

NOTE: This report is available if the Target System Base Module exists.

Direct reports overview (including history)

All employees that report directly including the history. This shows detailed information about personal and organizational data as well as current user accounts, roles, and entitlements including the historical data.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts overview (including history)

This report returns all the user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

NOTE: This report is available if the Target System Base Module exists.

User accounts of direct reports (including history)

This report returns all the user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

NOTE: This report is available if the Target System Base Module exists.

Show owned system entitlements (incl. history)

This report shows the system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

NOTE: This report is available if the Target System Base Module exists.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级