立即与支持人员聊天
与支持团队交流

Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Configuring location networks

Enter the location's network configuration data.

Table 19: Location network data
Property Description

IP offset

IP offset of the location.

Subnet mask

Subnet mask of the location.

Directions to location

Enter another address and a description of the way to reach the location. Use the button next to the input field to enable it and enter data. Use the button to remove data from the list.

Table 20: Directions to location
Property Description

Visitors address

Location address for visitors.

Travel directions

Travel directions to the location.

Functional area and risk assessment for locations

Here, you can enter values to classify a location for analyzing the risk of a location in the context of identity audit.

Table 21: Main data of a location's functional area
Property Description

Functional area

Location's function area. This data is required for location's risk assessment.

Risk index (calculated)

A risk index is calculated for the location risk assessment based on assigned company resources. This field is only visible if the QER | CalculateRiskIndex configuration parameter is set. For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Transparency index

Specifies how well you can trace location assignments. Use the slider to enter a value between 0 and 1.

0: no transparency

1: full transparency

Max. number of rule violations

Number of rule violations allowed in this location. The value can be evaluated when compliance rules are checked. For more information, see the One Identity Manager Compliance Rules Administration Guide.

NOTE: This property is only available if the Compliance Rules Module is installed.

Turnover for this unit

Turnover for this location.

Earnings for this unit

Earnings for this location.

Related topics

Setting up IT operating data for departments, cost centers, and locations

To create user accounts for an identity with the Full managed manage level, you need to know which IT operating data is required. The operating data required for each specific target system is defined with its departments, locations, or cost centers. An identity is assigned a primary location, primary department, or primary cost center. The necessary IT operating data is ascertained from these assignments and used in creating the user accounts. Default values are used if valid IT operating data cannot be found over the primary roles.

You can also specify IT operating data directly for a specific account definition.

Example:

Normally, each identity in department A obtains a default user account in the domain A. In addition, certain identities in department A obtain administrative user accounts in the domain A.

Create an account definition A for the default user account of the domain A and an account definition B for the administrative user account of domain A. In the IT operating data mapping rule for the account definitions A and B, specify the Department property in order to determine the valid IT operating data.

Specify the effective IT operating data of department A for the domain A. This IT operating data is used for standard user accounts. In addition, for department A, specify the effective IT operating data of account definition B. This IT operating data is used for administrative user accounts.

For more information, see the One Identity Manager Target System Base Module Administration Guide.

To define IT operating data

  1. In the Manager, select the Organizations > <role class> category.

  2. Select the role in the result list.

  3. Select the Edit IT operating data task.

  4. Click Add and enter the following data.

    • Effects on: Specify an IT operating data application scope. The IT operating data can be used for a target system or a defined account definition.

      To specify an application scope

      1. Click next to the field.

      2. Under Table, select the table that maps the target system for select the TSBAccountDef table or an account definition.

      3. Select the specific target system or account definition under Effects on.

      4. Click OK.

    • Column: Select the user account property for which the value is set.

      In the menu, you can select the columns that use the TSB_ITDataFromOrg script in their template. For more information about this, see the One Identity Manager Target System Base Module Administration Guide.

    • Value: Enter a fixed value to assign to the user account's property.

  5. Save the changes.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级