
Identity Manager 9.2.1 - Administration Guide for Privileged Account Governance


Displaying main data of PAM directories

You cannot edit properties of directories in One Identity Manager.

To display the properties of a directory

  1. In the Manager, select the Privileged Account Management > Appliances > <appliance> > Directories category.

  2. Select the directory in the result list.

  3. Select the Change main data task.

PAM partitions

Partitions allow the responsibility for managing assets and directories to be distributed amongst different user accounts and user groups. Partitions are imported into the One Identity Manager database during synchronization. Partition properties cannot be edited. Changes to the object properties of individual partitions can be re-imported by single object synchronization.

To display the properties of a partition

  1. In the Manager, select the Privileged Account Management > Appliances > <appliance> > Privileged Objects > Partitions category.

  2. Select the partition in the result list.

  3. Select the Change main data task.

The partition overview shows the assets and directories that are connected with the partition, as well as the partition owners.

To obtain an overview of a partition

  1. In the Manager, select the Privileged Account Management > Appliances > <appliance> > Privileged Objects > Partitions category.

  2. Select the partition in the result list.

  3. Select the PAM partition overview task.

Related topics

Assigning owners to partitions

You can specify an owner for PAM partitions. In One Identity Safeguard, owners of a PAM partition can manage assets and directories for user accounts in the password policies or profiles, for example.

To assign owners to a partition

  1. In the Manager, select the Privileged Account Management > Appliances > <appliance> > Privileged Objects > Partitions category.

  2. Select the partition in the result list.

  3. Select the Assign owner task.

  4. Select the table containing the owner from the Table menu at the top of the form. You have the following options:

    • PAM user groups

    • PAM user accounts

  5. In the Add assignments pane, assign owners.

    TIP: In the Remove assignments pane, you can remove assigned owners.

    To remove an assignment

    • Select the owner and double-click .

  6. Save the changes.

PAM entitlements

An entitlement is a set of access request policies that ensures only authorized users can access the system. An entitlement usually groups together a set of permissions that are required to fulfill a specific task. An entitlement defines which users are authorized to request passwords for accounts or sessions for assets as part of the defined access request policies.

Entitlements are imported into the One Identity Manager database during synchronization. Changes to the object properties of individual entitlements can be re-imported by single object synchronization.

Related topics