立即与支持人员聊天
与支持团队交流

Identity Manager 9.3 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics The full-text search in One Identity Manager Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Displaying messages in the user interface Referencing packages and files in scripts Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Committing and compiling script changes Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue Processor tasks Structure of the Jobservice.cfg configuration file

Examples of statistic definitions

Example: Number of identities in the company

The number of people in the company should be displayed in the statistics. This statistic should be calculated daily. The statistics definition could look like:

Statistic:

CountIdentities

Display name:

Number of identities

Description:

Finds the number of identities in the company on a daily basis.

Calculation schedule:

Calculate statistics

Measurements query:

select 'Identities' as ElementName, count (*) as ElementValue from Person

To display the statistics in the Manager in the Identities > Info system category, the following menu item is created:

Menu item:

Person.InfoSystem.CountIdentities

Item type:

Statistics

Sort order

1

Statistic:

Number of identities

Diagram type:

Thermometer

The menu item is assigned to the Manager program and an application role and can then be displayed in the Manager.

Example: Number of external identities in the company

The number of external identities in the company should be displayed in the statistics. This statistic should be calculated weekly. If more than 20% of identities in the company are externals, the info system should display the state as acceptable instead of a correct. If more than 80% are externals the state should be unacceptable.

Statistic:

CountExternalIdentities

Display name:

Number of external identities.

Description:

Find the number of external identities in the company on a weekly basis.

Calculation schedule:

Calculate weekly statistics

Measurements query:

Select 'Identities' as ElementName, Count (*) as ElementValue

from Person where IsExternal = 1

Base measurements query:

Select 'Identities' as ElementName, Count (*) as ElementValue

from Person

Threshold green:

0.2

Threshold red:

0.8

To display the statistics in the Manager in the Identities > Info system category, the following menu item is created:

Menu item:

Person.InfoSystem.CountExternalIdentities

Item type:

Statistics

Sort order

2

Statistic:

Number of external identities.

Diagram type:

Traffic light

The menu item is assigned to the Manager program and an application role and can then be displayed in the Manager.

Example: Number of direct reports

The number of identities, for which the current user is entered directly as manager, should be represented in a statistic. Restrictions to the values for the current user are made though a condition.

Statistic:

CountIdentitiesPersonHead

Display name:

Number of direct reports.

Description:

Finds the number of identities for which the manager is responsible on a daily basis.

Calculation schedule:

Calculate statistics

Measurements query:

select XObjectKey as ElementObjectKey, 'Identities' as ElementName, Count (*) as ElementValue

from Person where IsExternal = 1

Group by XObjectKey

Condition:

ElementObjectKey in

(select XObjectKey from Person where uid_PersonHead = '%useruid%')

Example: Number of internal and external identities per department

Internal and external identities, which the current user supervises as department manager, should be represented in a statistic. Departments are added here separately to determine clear results for displaying the measurement because a department manager might be responsible for more than one department.

Statistic:

IdentityCountInternalExternal_By_Department

Display name:

Number of internal and external identities

Description:

Finds the number of internal and external identities per department on a daily basis.

Calculation schedule:

Calculate statistics

Measurements query:

select d.XObjectKey as ElementObjectKey, 'Internal' as ElementName, count(p.uid_person) as ElementValue

from Department d Left Outer Join Person p on p.UID_Department = d.UID_Department and p.IsExternal = 0

Group By d.XObjectKey

UNION ALL

select d.XObjectKey as ElementObjectKey, 'External' as ElementName, count(p.uid_person) as ElementValue

from Department d Left Outer Join Person p on p.UID_Department = d.UID_Department and p.IsExternal = 1

Group By d.XObjectKey

Condition:

ElementObjectKey in

(select d.XObjectKey from Department d join helperheadorg hpo on d.UID_Department = hpo.UID_Org where hpo.UID_PersonHead = '%useruid%')

Aggregate function

SUM

Example: Top 10 activated identities by risk index

Ten identities with the highest risk index should be found and displayed in a statistic. They should be sorted by measurement unit.

Statistic:

Top10ActiveIdentitiesByRiskIndex

Display name:

Top 10 active identities by risk index

Description:

Find ten active identities with the highest risk indexes on a daily basis.

Calculation schedule:

Calculate statistics

Measurements query:

select top 10 p.InternalName as ElementName,

Round(100 * IsNull(p.RiskIndexCalculated, 0), 0) as ElementValue,

p.XObjectKey as ElementObjectKey,

ROW_NUMBER() over (order by IsNull(p.RiskIndexCalculated, 0) desc, p.InternalName) as ElementOrder

from Person p

where p.IsInActive = 0

order by ElementOrder

Extending the Launchpad

The Launchpad is the central tool for starting One Identity Manager administration tools and configuration tools. You can use the Launchpad to check the existing One Identity Manager installation and start One Identity Manager tools to run individual tasks.

The Launchpad can be customized. In the Designer, you can define your own menu items and actions for the Launchpad.

You can control how and where menu items are displayed in the Launchpad. You use the menu hierarchy and the different types of menu items to do this. For more information about the structure of a menu hierarchy and the individual menu items and their properties, see User interface navigation.

One Identity Manager supplies a number of Launchpad actions that you can use to start applications by using the Launchpad. You can also start your own applications over the Launchpad.

Detailed information about this topic

Recommendations for extending the Launchpad

Take the following recommendations into account when extending the Launchpad.

  • To create a new category in the left-hand navigation area of the Launchpad, use menu items with the Menu category item type. The items are shown with their display text.

  • To group together tasks in the main area of the Launchpad, use menu items with the Task category item type. The items are shown with their display text.

  • For individual Launchpad tasks, use menu items with the Task, Fixed menu item, or Data-dependent menu item item types. The items are shown with their display text and description.

  • Specify the order for displaying the menu items.

  • To display the task status, enter an overlay icon definition on the menu item in VB.net syntax. Use the NavigationNodeState class.

    Syntax:

    public NavigationNodeState(string state, string imageUidOrName, string description)

    public NavigationNodeState(string state, string imageUidOrName, string description, bool enabled, bool visible, int count)

    Table 121: NavigationNodeState script parameters

    Parameter

    Description

    State

    Status returned, such as Info, Ok, Error, Warning.

    ImageUidOrName

    UID or name of the icon to be displayed.

    description

    Text displayed as tooltip.

    enabled

    Specifies whether the start button for the action is set.

    visible

    Specifies whether to display the task.

    count

    Number of affected objects.

    Calling example:

    Value = New NavigationNodeState("Ok", "QBM-33228392E9863141A9306B38ADF3D502", #LD("Project is completed.")#)

    Value = New NavigationNodeState("Error", "QBM-a486f0eabf674392bbbdf8572453258c", #LD("Project is not completed.")#)

  • You can use the condition to specify whether the task is only available for a direct database connection or a connection over an application server. To do this, use the variable SessionType.

    Condition examples:

    Direct database connection only: '%SessionType%' = 'Direct'

    Connect with the application server only: '%SessionType%' = 'AppServer'

    If no condition is defined, the task is always available.

  • If an action is going to be run from a task, link a Launchpad action to the menu item.

    This displays the Start button for the task. The Launchpad action's description is displayed in the button's tooltip.

  • If some actions in the Launchpad should not be made available to all users, you can manage the permissions by assigning Launchpad actions to program functions (QBMLaunchActionHasFeature table). Only tasks containing actions that the user's program function permissions permit him to run are shown in the Launchpad.

    For more information about managing permissions and running Launchpad actions using program functions, see the One Identity Manager Authorization and Authentication Guide.

Related topics

Actions for the Launchpad

One Identity Manager supplies a list of Launchpad actions that you can use to start applications. You can also start your own applications over the Launchpad.

At the start an application, you can pass calling parameters, tasks, and task parameters which the application can identify. Variable are permitted in this case. Supported are:

  • Environment variables with the syntax %variable%

  • Navigation variables with the syntax %variable%

  • Columns of the object passed down in $ notation.

To display Launchpad actions

  1. In the Designer, select the User interface > Launchpad Actions category.

  2. Select the Launchpad action The following main data is mapped for a Launchpad action.

    Table 122: Action properties
    Property Description

    Description

    Detailed description of the action. The description is displayed in the tooltip.

    .exe file

    Full name of the binary file.

    Calling parameter

    Additional calling parameters for starting the application.

    Action

    Action identifier.

    Administrative context

    Specifies whether the application can only be started by an administrator. The application expects authentication as an administrator.

    Method

    Method that must also be transferred as a start parameter.

    Task parameter

    Additional parameters for the method.

    Editor

    Special editor, for completing tasks in the Launchpad.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级