立即与支持人员聊天
与支持团队交流

Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Attestors for departments, cost centers, and locations

NOTE: This function is only available if the Attestation Module is installed.

In One Identity Manager you can assign departments, cost centers, and locations to identities who can be brought in as attestors in attestation cases, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for attestors. For more information about attestation, see the One Identity Manager Attestation Administration Guide.

A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 10: Default application roles for attestors
User Tasks

Attestors for organizations

 

Attestors must be assigned to the Identity Management | Organizations | Attestors application role or a child application role.

Users with this application role:

  • Attest correct assignment of company resources to departments, cost centers, and locations for which they are responsible.

  • Can view main data for departments, cost centers, and locations but cannot edit them.

NOTE: This application role is available if the module Attestation Module is installed.

To add identities to default application roles for attestors

  1. In the Manager, select the Organizations > Basic configuration data > Attestors category.

  2. Select the Assign identities task.

  3. In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  4. Save the changes.

Approvers and approvers (IT) for departments, cost centers, and locations

In One Identity Manager you can assign departments, cost centers and locations to identities who can be brought in as approvers in approval processes for IT Shop requests, provided that the approval workflow is set up accordingly. To do this, assign the departments, cost centers, and locations to application roles for role approvers. For more information, see the One Identity Manager IT Shop Administration Guide.

Default application roles for approvers and approvers (IT) are available in One Identity Manager. You may create other application roles as required. For more information about implementing and editing application roles, see theOne Identity Manager Authorization and Authentication Guide.

Table 11: Default application roles for approvers
User Tasks

Approvers for organizations

 

Role approvers must be assigned to the Identity Management | Organizations | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.

  • Approve request from departments, cost centers, and locations for which they are responsible.

Approvers (IT) for organizations

 

IT role approvers must be assigned to the Identity Management | Organizations | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.

  • Approve request from departments, cost centers, and locations for which they are responsible.

To specify a role approver or role approver (IT)

  1. In the Manager, select the Organizations > Basic configuration data > Role approvers category.

    - OR -

    In the Manager, select the Organizations > Basic configuration data > Role approvers (IT) category.

  2. Select the Assign identities task.

  3. In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  4. Save the changes.

Creating and editing departments

Create new departments or edit the master data of existing departments.

To create a department

  1. In the Manager, select the Organizations > Departments category.

  2. Click in the result list.

  3. On the main data form, edit the main data of the department.

  4. Save the changes.

To edit the main data of a department

  1. In the Manager, select the Organizations > Departments category.

  2. In the result list, select a department and run the Change main data task.

  3. Edit the department's main data.

  4. Save the changes.
Detailed information about this topic

General main data for departments

Enter the following data for a department.

Table 12: General main data of a department
Property Description

Department

Name of the department Translate the given text using the button.

Short name

Short name of the department

Object ID

Unique department object ID. The object ID is required, for example, in SAP systems for assigning employees to departments.

Parent department

Parent of department in the hierarchy.

To organize departments hierarchically, select the parent department in the menu. Leave this field empty if the department is at the top level of the department hierarchy.

Full name

Complete name of the department including parent departments. Translate the given text using the button.

Role type

Role types for more detailed classification.

Location

Location to which the department is primary assigned.

Manager

Manager responsible for the department.

2nd Manager

Assistant manager of the department.

Additional manager

Application role for a group of managers and deputies who manage this department.

To create a new application role, click . Enter the application role name and assign a parent application role.

Attestors

Applications role whose members are authorized to approve attestation cases for this department.

To create a new application role, click . Enter the application role name and assign a parent application role.

NOTE: This property is available if the Attestation Module is installed.

Cost center

Cost center to which the department is primary assigned.

Role approver

Application role whose members approve IT Shop requests for members of this department.

To create a new application role, click . Enter the application role name and assign a parent application role.

Role approver (IT)

Application role whose members approve IT Shop requests for members of this department.

To create a new application role, click . Enter the application role name and assign a parent application role.

Description

Text field for additional explanation.

Comment

Text field for additional explanation.

Remarks

Text field for additional explanation.

Certification status

Certification status of the department. You can select the following certification statuses:

  • New: The department was newly added to the One Identity Manager database.

  • Certified: The department main data was granted approval by the manager.

  • Denied: The department data was denied approval by the manager.

The certification status can be set depending on the result of regular attestations.

Import data source

Target system or data source, from which the data set was imported.

Full name

Full name of the department include parent departments.

Deactivated

Specifies whether the department is actively used. Set this option if the department is not used. This option does not have any effect on the calculation of inheritance.

Block inheritance

Specifies whether inheritance for this department can be discontinued. Set this option to discontinue inheritance within the department hierarchy.

X500 nodes

Select this option to label a department for exporting to an X500 schema.

Identities do not inherit

Specifies whether identity inheritance should be temporarily prevented for this department.

Devices do not inherit

Specifies whether device inheritance should be temporarily prevented for this department.

Workdesks do not inherit

Specifies whether workdesk inheritance should be temporarily prevented for this department.

Dynamic roles not allowed

Specifies whether a dynamic role can be created for the department.

Spare field no. 01 ... Spare field no. 10

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Spare date no. 01 ... Spare date no. 03

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级