
Identity Manager 9.1 - Target System Base Module Administration Guide


The Unified Namespace

The Unified Namespace is a virtual system in which different target systems can be mapped with their structures, user accounts, system entitlements and memberships. The Unified Namespace allows a general, cross-target system mapping of all connected target systems. This means that target systems like Active Directory domains can be mapped just the same as custom target systems.

By mapping target systems in the One Identity Manager, you can use other Unified Namespace core functionality across target systems, such as identity audit, attestation, or report functions. Several reports are supplied by default.


Mapping target system objects in Unified Namespace

Each Unified Namespace object type joins the various tables of the One Identity Manager schema required for mapping connected target systems. The various target system tables are joined in database layers. This allows different object properties to be mapped uniformly.

Use the following database views to run compliance checks or attestation across target systems and also to create reports across target systems.

Special features for mapping object properties

In certain target systems, assignments of system entitlements to user accounts can have a limited duration.

  • The validity period is not mapped in the Unified Namespace.

  • The Marked for deletion (UNSAccountInUNSGroup.XMarkedForDeletion) identifier cannot be set for these assignments. Therefore, in the Unified Namespace, you cannot tell whether an assignment was marked as outstanding by synchronization.
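
A simplified model of the mapping and of the two limitations above, added here as an illustration and not taken from the One Identity Manager schema: the table, view and column names and the sample rows are constructed. It shows that a cross-target-system report built on the unified view carries neither the expiry nor the outstanding mark of time-limited assignments, so in this model that state has to be read from the target system's own table.

```python
import sqlite3

# Constructed toy schema (hypothetical names, not the product's tables or views):
# two target-system tables and one view that maps both uniformly.
SCHEMA = """
CREATE TABLE dir_membership (account TEXT, grp TEXT, marked_for_deletion INTEGER);
CREATE TABLE app_membership (account TEXT, grp TEXT, valid_until TEXT,
                             marked_for_deletion INTEGER);
CREATE VIEW unified_membership AS
  SELECT 'dir' AS target_system, account, grp,
         marked_for_deletion AS x_marked_for_deletion
    FROM dir_membership
  UNION ALL
  -- Time-limited assignments: validity period not mapped, flag never set.
  SELECT 'app', account, grp, 0 FROM app_membership;
"""

# Constructed sample rows.
DIR_ROWS = [("jdoe", "Admins", 0), ("asmith", "Backup", 1)]
APP_ROWS = [("jdoe", "Approvers", "2020-01-31", 0),
            ("asmith", "Payments", "2099-12-31", 1)]


def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO dir_membership VALUES (?, ?, ?)", DIR_ROWS)
    db.executemany("INSERT INTO app_membership VALUES (?, ?, ?, ?)", APP_ROWS)
    return db


def unified_report(db):
    """Cross-target-system report, read from the unified view only."""
    return db.execute(
        "SELECT target_system, account, grp, x_marked_for_deletion "
        "FROM unified_membership ORDER BY target_system, account").fetchall()


def hidden_state(db, today):
    """Assignments whose expiry or outstanding mark is invisible in the view."""
    return db.execute(
        "SELECT account, grp, valid_until < ? AS expired, marked_for_deletion "
        "FROM app_membership "
        "WHERE valid_until < ? OR marked_for_deletion = 1 "
        "ORDER BY account", (today, today)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in unified_report(db):
        print(row)
    print(hidden_state(db, "2024-06-01"))
```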

One Identity Manager users for managing target systems in Unified Namespace

The following users are used for managing target systems in the Unified Namespace.

Table 9: Users
Users Tasks

Target system administrators

Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role:

  • Administer application roles for individual target system types.

  • Specify the target system manager.

  • Set up other application roles for target system managers if required.

  • Specify which application roles for target system managers are mutually exclusive.

  • Authorize other employees to be target system administrators.

  • Do not assume any administrative tasks within the target system.

Target system managers

Target system managers must be assigned to the Target systems | Unified Namespace application role or a child application role.

Users with this application role:

  • Obtain a view of the objects in the connected target systems across all target systems.

  • Can create reports across all target systems.

If the users are also target system managers of the underlying target systems, they can manage these target systems through the Unified Namespace.

One Identity Manager administrators

One Identity Manager administrators and administrative system users. Administrative system users are not added to application roles.

One Identity Manager administrators:

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.
