立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

One Identity Manager users for managing departments, cost centers, and locations

The following users are used for the administration of departments, cost centers, and locations.

Table 8: Users
User Tasks

Administrators for organizations

 

Administrators must be assigned to the Identity Management | Organizations | Administrators application role.

Users with this application role:

  • Set up and edit departments, cost centers, and locations.

  • Assign company resources to departments, cost centers, and locations.

  • Attest the main data of departments, cost centers, and locations.

  • Administrate application roles for role approvers, role approvers (IT), and attestors.

  • Set up other application roles as required.

Additional managers

The additional managers must be assigned to the Identity Management | Organizations | Additional managers application role or to a child application role.

Users with this application role:

  • Have permission to manage departments, cost centers and locations.

Approvers for organizations

 

Attestors must be assigned to the Identity Management | Organizations | Attestors application role or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to departments, cost centers, and locations for which they are responsible.

  • Can view main data for departments, cost centers, and locations but cannot edit them.

NOTE: This application role is available if the module Attestation Module is installed.

Approvers for organizations

 

Role approvers must be assigned to the Identity Management | Organizations | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.

  • Approve request from departments, cost centers, and locations for which they are responsible.

Approvers (IT) for organizations

 

IT role approvers must be assigned to the Identity Management | Organizations | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.

  • Approve request from departments, cost centers, and locations for which they are responsible.

One Identity Manager administrators

 

One Identity Manager administrator and administrative system users Administrative system users are not added to application roles.

One Identity Manager administrators:

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.

Basic information for departments, cost centers, and locations

The following basic information is relevant for building up hierarchical roles in One Identity Manager.

  • Configuration parameters

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for various configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data > General > Configuration parameters category.

  • Role classes

    Role classes form the basis of mapping hierarchical roles in One Identity Manager. Role classes are used to group similar roles together.

  • Role types

    Create role types in order to classify roles. Roles types can be used to map roles in the user interface, for example.

  • Functional areas

    To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to roles. You can enter criteria that provide information about risks from rule violations for functional areas and roles. Moreover, functional areas can be used during peer group analysis of requests or attestation cases.

  • Attestors

    In One Identity Manager you can assign departments, cost centers, and locations to identities who can be brought in as attestors in attestation cases, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for attestors. For more information about attestation, see the One Identity Manager Attestation Administration Guide.

    A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

  • Role approvers and role approvers (IT)

    In One Identity Manager you can assign departments, cost centers and locations to identities who can be brought in as approvers in approval processes for IT Shop requests, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for role approvers. For more information, see the One Identity Manager IT Shop Administration Guide.

    Default application roles for approvers and approvers (IT) are available in One Identity Manager. You may create other application roles as required. For more information about implementing and editing application roles, see theOne Identity Manager Authorization and Authentication Guide.

Detailed information about this topic

Role classes for departments, cost centers, and locations

Role classes form the basis of mapping hierarchical roles in One Identity Manager. Role classes are used to group similar roles together. The direction of inheritance is specified by the role class. In addition, assignments that are allowed to be made to individual roles of this role class are specified in a role class.

The following role classes are provided by default for mapping organizations in One Identity Manager:

  • Department

  • Cost center

  • Location

Top down inheritance is defined for departments, cost centers, locations, and application roles. Identities, devices, workdesks, and company resource assignments are predefined for departments, cost centers, and locations. You can edit these role class assignments.

Related topics

Assigning role types to role classes for departments, cost centers, and locations

For additional classification, you can define role types and assign them to role classes. Note the restrictions given under Role types for departments, cost centers, and locations.

To assign a role type to a role class

  1. In the Manager, select the Organizations > Basic configuration data > Role classes category.

  2. In the result list, select the role class.

  3. Select the Assign role types task.

  4. In the Add assignments pane, assign role types.

    TIP: In the Remove assignments pane, you can remove assigned role types.

    To remove an assignment

    • Select the role type and click .

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级