Enter the location's network configuration data.
| Property | Description |
|---|---|
|
IP offset |
IP offset of the location. |
|
Subnet mask |
Subnet mask of the location. |
Basics for mapping company structures in One Identity Manager
Hierarchical role structure basic principles
Basic principles for assigning company resources
Dynamic roles
Direct company resource assignments
Indirect company resource assignments
Assigning company resources through dynamic roles
Assigning company resources through IT Shop requests
Basics of calculating inheritance
Preparing hierarchical roles for company resource assignments
Possible assignments of company resources through roles
Permitting assignments of identities, devices, workdesks, and company resources to roles
Blocking inheritance using roles
Preventing identities, devices, or workdesks from inheriting individual roles
Preventing inheritance to individual identities, devices, or workdesks
Inheritance exclusion: Specifying conflicting roles
Creating and editing dynamic roles
Tips about conditions for dynamic roles
Testing dynamic role conditions
Calculating role memberships for dynamic roles
Departments, cost centers, and locations
Schedules for calculating dynamic roles
Excluding identities from dynamic roles
Displaying the dynamic role overview
Main data for dynamic roles
Creating and editing dynamic role schedules
Starting dynamic role schedules immediately
Assigning dynamic roles to schedules
Calculating dynamic roles immediately if objects change
Calculating role memberships for dynamic roles immediately
Editing properties for immediate recalculation
Excluding dynamic roles from recalculation
One Identity Manager users for managing departments, cost centers, and locations
Basic information for departments, cost centers, and locations
Identity administration
Role classes for departments, cost centers, and locations
Role types for departments, cost centers, and locations
Creating and editing departments
Creating role types for departments, cost centers, and locations
Assigning role classes to role types for departments, cost centers, and locations
Functional areas for departments, cost centers, and locations
Attestors for departments, cost centers, and locations
Approvers and approvers (IT) for departments, cost centers, and locations
General main data for departments
Contact data for departments
Functional area and risk assessment for departments
Creating and editing cost centers
Creating and editing locations
General main data for locations
Location address information
Configuring location networks
Directions to location
Functional area and risk assessment for locations
Setting up IT operating data for departments, cost centers, and locations
Assigning identities, devices, and workdesks to departments, cost centers, and locations
Assigning company resources to departments, cost centers, and locations
Creating dynamic roles for departments, cost centers, and locations
Dynamic roles with incorrectly excluded identities
Assign organizations
Specifying inheritance exclusion for departments, cost centers, and locations
Assigning extended properties to departments, cost centers, and locations
Certifying departments, cost centers, and locations
Reports about departments, cost centers, and locations
One Identity Manager users for managing identities
Basics for managing identities
Managing devices and workdesks
Main identities and subidentities
Identity's central user account
Identity's default email address
Identity's central password
Creating and editing identities
General main data of identities
Organizational main data of identities
Address data for identities
Miscellaneous main data of identities
Assigning company resources to identities
Assigning identities to departments, cost centers, and locations
Assigning identities to business roles
Adding identities to IT Shop custom nodes
Assigning application roles to identities
Assigning resources directly to identities
Assigning system roles directly to identities
Assigning subscribable reports directly to identities
Assigning software directly to identities
Displaying the origin of identities' roles and entitlements
Analyzing role memberships and identity assignments
Deactivating and deleting identities
Temporarily deactivating identities
Permanently deactivating identities
Reactivate permanently deactivated identities
Deferred deletion of identities
Deleting all personal data
Limited access to One Identity Manager
Changing the certification status of identities
Displaying the identities overview
Displaying and deleting identities' Webauthn security keys
Determining the language for identities
Determining identities working hours
Manually assigning user accounts to identities
Entering tickets for identities
Assigning extended properties to identities
Reports about identities
Basic configuration data for identities
Creating and editing business partners for external identities
Mail templates for notifications about identities
Creating and editing mail definitions for identities
Base objects for mail templates about identities
Editing mail templates for identities
Password policies for identities
Predefined password policies
Applying identity password policies
Changing the password policy for password columns
Assigning password policies to departments, cost centers, locations, and business roles
Editing password policies for identities
Creating password policies for identities
General main data for password policies
Password policy settings
Character classes for passwords
Custom scripts for password requirements
Defining the excluded list for passwords
Checking identity passwords
Generating passwords for testing identities
Informing identities about expiring passwords
Displaying locked identities and system users
Basic data for device admin
Managing resources
Creating and editing device models
Creating and editing business partners
Creating and editing device statuses
Creating and editing workdesk statuses
Creating and editing workdesk types
Creating and editing devices
Assigning company resources to devices
Entering service agreements and tickets for devices
Displaying the device overview
Creating and editing workdesks
General main data of workdesks
Location information for workdesks
Additional information for workdesks
Assigning company resources to workdesks
Assigning workdesks to departments, cost centers, and locations
Assigning workdesks to business roles
Assigning system roles directly to workdesks
Assigning software directly to workdesks
Displaying the workdesk overview
Assigning devices to workdesks
Assigning workdesks to identities
Entering tickets for workdesks
Asset data for devices
One Identity Manager users for managing resources
Basic data for resources
Creating and editing resources
Main data for resources
Assigning resources to identities
Setting up extended properties
Assigning resources to departments, cost centers, and locations
Assigning resources to business roles
Assigning resources directly to identities
Adding resources to the IT Shop
Adding resources in system roles
Displaying the resources overview
Assigning extended properties to resources
Creating and editing multi-request resources
Assigning multi-request resources to identities
Adding multi-request resources to the IT Shop
Displaying the multi-request resource overview
Reports about resources
One Identity Manager users for managing extended properties
Creating property groups for extended properties
Creating and editing extended properties
Main data for extended properties
Assigning extended properties to property groups
Assigning additional property groups to extended properties
Specifying scope limits for extended properties
Assigning objects to extended properties
Displaying the extended properties overview
Configuration parameters for managing departments, cost centers, and locations
Configuration parameters for managing identities
Configuration parameters for managing devices and workdesks
Configuring location networks
Directions to location
Enter another address and a description of the way to reach the location. Use the 
| Property | Description |
|---|---|
|
Visitors address |
Location address for visitors. |
|
Travel directions |
Travel directions to the location. |
Functional area and risk assessment for locations
Here, you can enter values to classify a location for analyzing the risk of a location in the context of identity audit.
| Property | Description |
|---|---|
|
Functional area |
Location's function area. This data is required for location's risk assessment. |
|
Risk index (calculated) |
A risk index is calculated for the location risk assessment based on assigned company resources. This field is only visible if the QER | CalculateRiskIndex configuration parameter is set. |
|
Transparency index |
Specifies how well you can trace location assignments. Use the slider to enter a value between 0 and 1. 0: no transparency 1: full transparency |
|
Max. number of rule violations |
Number of rule violations allowed in this location. The value can be evaluated when compliance rules are checked. NOTE: This property is only available if the Compliance Rules Module is installed. |
|
Turnover for this unit |
Turnover for this location. |
|
Earnings for this unit |
Earnings for this location. |
Related topics
Setting up IT operating data for departments, cost centers, and locations
To create user accounts for an identity with the Full managed manage level, you need to know which IT operating data is required. The operating data required for each specific target system is defined with its departments, locations, or cost centers. An identity is assigned a primary location, primary department, or primary cost center. The necessary IT operating data is ascertained from these assignments and used in creating the user accounts. Default values are used if valid IT operating data cannot be found over the primary roles.
You can also specify IT operating data directly for a specific account definition.
Example:
Normally, each identity in department A obtains a default user account in the domain A. In addition, certain identities in department A obtain administrative user accounts in the domain A.
For more information, see the One Identity Manager Target System Base Module Administration Guide.
To define IT operating data
-
In the Manager, select the Organizations > <role class> category.
-
Select the role in the result list.
-
Select the Edit IT operating data task.
-
Click Add and enter the following data.
-
Effects on: Specify an IT operating data application scope. The IT operating data can be used for a target system or a defined account definition.
To specify an application scope
-
Click
next to the field.
-
Under Table, select the table that maps the target system for select the TSBAccountDef table or an account definition.
-
Select the specific target system or account definition under Effects on.
-
Click OK.
-
-
Column: Select the user account property for which the value is set.
In the menu, you can select the columns that use the TSB_ITDataFromOrg script in their template.
-
Value: Enter a fixed value to assign to the user account's property.
-
- Save the changes.
It operating data for target systemsThe IT operating data necessary in the One Identity Manager default configuration for automatically creating or changing identity user accounts and mailboxes in the target system is itemized in the following table.
NOTE: IT operating data is dependent on the target system and is contained in One Identity Manager modules. The data is not available until the modules are installed.
| Target system type | IT operating data |
|---|---|
|
Active Directory |
Container Home server Profile server Terminal home server Terminal profile server Groups can be inherited Identity type Privileged user account |
|
Microsoft Exchange |
Mailbox database |
|
LDAP |
Container Groups can be inherited Identity type Privileged user account |
|
Domino |
Server Certificate Template for mail file Identity type |
|
SharePoint |
Authentication mode Groups can be inherited Roles can be inherited Identity type Privileged user account |
|
SharePoint Online |
Groups can be inherited Roles can be inherited Privileged user account. Authentication mode |
|
Custom target systems |
Container (per target system) Groups can be inherited Identity type Privileged user account |
|
Azure Active Directory |
Groups can be inherited Administrator roles can be inherited Subscriptions can be inherited Disabled service plans can be inherited Identity type Privileged user account Change password at next login |
|
Cloud target system |
Container (per target system) Groups can be inherited Identity type Privileged user account |
|
Unix-based target system |
Login shell Groups can be inherited Identity type Privileged user account |
|
Oracle E-Business Suite |
Identity type Groups can be inherited Privileged user account. |
|
SAP R/3 |
Identity type Groups can be inherited Roles can be inherited Profiles can be inherited Structural profiles can be inherited Privileged user account. |
|
Exchange Online |
Groups can be inherited |
|
Privileged Account Management |
Authentication provider Groups can be inherited Identity type Privileged user account |
|
Google Workspace |
Organization Groups can be inherited Products and SKUs can be inherited Admin roles assignments can be inherited Identity type Privileged user account. Change password at next login |
|
OneLogin |
Roles can be inherited Identity type Privileged user account. Licensing state OneLogin group |