立即与支持人员聊天
与支持团队交流

Identity Manager 9.1.1 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Employee reports

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects.The following reports are available for employees.

NOTE: Other sections may be available depending on the which modules are installed.

Table 41: Employee reports
Report Description

Entitlement Origins

The report shows an employee's entitlements and roles and the possible assignment methods.

Request history

The report provides you with an overview of each IT Shop request made by an employee. The report is divided into approved, canceled, denied, and pending requests. You can trace when and why each product was requested, renewed, or unsubscribed.

View completed requests by clicking on Show. In the approval history you can see the approval workflow, the results of each approval step and the approver. The Show button shows you the current approval status of pending requests.

Data quality of direct reports

This report evaluates the data quality of employee data records. All employees under supervision are taken into account.

Employees per department

This report contains the number of employee per department. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager.

Employees per cost center

This report contains the number of employee per cost center. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager.

Employees per location

This report contains the number of employee per location. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager.

Data quality summary for employee records

The report contains different analyzes of data quality for all employees. You can find this report in My One Identity Manager.

Access overview at specific point-in-time

This report contains detailed information about personal and organizational data as well as an overview of the company resources that the employee owned at a specific point-in-time. This includes all assigned user accounts, system entitlements, roles, account definitions, resources, and software.

Attestation cases

The report shows completed and pending attestation cases for which the person was identified as the attestor. If the employee is logged in to the Manager, they can use the report to grant or deny attestation case approval. Use Approve or Deny to grant or deny approval. Enter the reason in Approval reason and click on the Carry out approval button. If a report has been defined for the attestation instance, you can view it using the Show report button in the column.

Use the Show attestation history task to display each step in the attestation case. This allows you to track the chronological sequence and approvals in the attestation case. The attestation history is displayed for pending and closed attestations.

NOTE: This report is available if the Attestation Module exists.

Overview with roles and user accounts

The report contains detailed information about personal and organizational data as well as user accounts, roles, and entitlements currently assigned to the employee.

You can decide whether to include dependent identities in the report.

Overview with roles and user accounts (including history)

The report contains detailed information about personal and organizational data as well as user accounts, roles, and entitlements currently assigned to the employee including historical data.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

You can decide whether to include dependent identities in the report.

NOTE: This report is available if the Target System Base Module exists.

Direct reports overview

The report shows all employees that report directly. This displays detailed information about personal and organizational data as well as current user accounts, roles, and entitlements.

NOTE: This report is available if the Target System Base Module exists.

Direct reports overview (including history)

All employees that report directly including the history. This shows detailed information about personal and organizational data as well as current user accounts, roles, and entitlements including the historical data.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts overview (including history)

This report returns all the user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

NOTE: This report is available if the Target System Base Module exists.

User accounts of direct reports (including history)

This report returns all the user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

NOTE: This report is available if the Target System Base Module exists.

Show owned system entitlements (incl. history)

This report shows the system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

NOTE: This report is available if the Target System Base Module exists.

Overview of employee's privileged access.

The report contains detailed information about personal and organizational data as well as the employee's current privileged access.

NOTE: This report is available if the Privileged Account Governance Module exists.

Related topics

Managing devices and workdesks

One Identity Manager offers extended device administration functionality for networks. One Identity Manager differentiates between device types, device models, and the device itself.

  • Device types, such as PCs, printers, or monitors, provide the initial classification of the devices.

  • Device models provide additional fine-tuning of the device types in order to obtain a more exact classification of devices.

  • The actual devices as they are defined in the network are listed under devices.

Workdesks are required for assigning different devices to a workstation. The assignment of company resources can be mainly automated by assigning workdesks to business roles, departments, cost centers, locations, or dynamic roles.

To manage devices and workdesks in One Identity Manager

  • In the Designer, set the Hardware configuration parameter and compile the database.

    NOTE: If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Detailed information about this topic

Basic data for device admin

The following basic data is required for managing devices:

  • Configuration parameter

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data > General > Configuration parameters category.

  • Device models

    Device models are required to classify devices, for example, PC, server, monitor, printer types. One Identity Manager contains predefined device models.

  • Information about manufacturers and suppliers

    You can store manufacturers and suppliers to help with entering device models and devices, .

  • Device status

    Enter the possible device status for asset data about devices.

  • Workdesk status

    You can add a status to workdesks.

  • Workdesk types

    Provide workdesk types for further classification of workdesks,

Detailed information about this topic

Creating and editing device models

The prerequisite for adding devices is the definition of device models. Device models are required to classify devices, for example, PC, server, monitor, printer types. One Identity Manager contains predefined device models. You can define more device models.

To create or edit a device model

  1. In the Manager, select the Devices & Workdesks > Basic configuration data > Device models category.

  2. In the result list, select a device model and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the device model's main data.

  4. Save the changes.

Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级