
Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide


Certifying departments, cost centers, and locations

NOTE: This function is only available if the Attestation Module is installed.

The certification status of departments, cost centers, and locations can be set manually or by regular attestation. To set certification status by attesting, configure the attestation policies accordingly.

To manually change the certification status of a department, cost center, or location

  1. In the Manager, edit the main data of the department, cost center, or location.

  2. In the Certification status field, enter the required value.

  3. Save the changes.

To change the certification status of departments, cost centers, or locations by attestation

  1. In the Manager, select the Attestation > Attestation policies category.

  2. In the result list, select the attestation policy whose attestation runs will adjust the certification status.

  3. If the certification status is to change to Certified when attestation is approved, enable Set certification status to "Certified".

  4. If the certification status is to be changed to Denied when attestation is denied, enable Set certification status to "Denied".

  5. Save the changes.

One Identity Manager provides default procedures that let managers quickly attest and certify the main data of departments, cost centers, and locations newly added to the One Identity Manager database. Attestation is performed only for organizations with the New certification status. If the attestation is approved, the certification status of the attested organization is set to Certified; otherwise, it is set to Denied. If the attestation is approved, the Identities do not inherit option is also disabled.

NOTE: If the attestation was denied, only the certification status changes. Other behavioral changes, for example in the inheritance calculation, are not associated with this and can be implemented on a custom basis.

This function is only available if the Target System Base Module is installed. For more information about certifying new roles and organizations, see the One Identity Manager Attestation Administration Guide.


Reports about departments, cost centers, and locations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for departments, cost centers, and locations.

NOTE: Other sections may be available depending on which modules are installed.

Table 24: Reports about departments, cost centers, and locations

| Report | Description |
|---|---|
| Overview of all assignments | This report finds all the roles in which identities from the selected department, cost center, or location are also members. |
| Data quality of department members (cost center members) | This report evaluates the data quality of identity data. It takes all identities in the department or cost center into account. |
| Show historical memberships | This report lists all members of the selected department, cost center, or location and the duration of their membership. |
| Identities per department | This report contains the number of identities per department. The primary and secondary assignments to organizations are taken into account. You can find this report in the Manager in the My One Identity Manager category. |
| Identities per cost center | This report contains the number of identities per cost center. The primary and secondary assignments to organizations are taken into account. You can find this report in the Manager in the My One Identity Manager category. |
| Identities per location | This report contains the number of identities per location. The primary and secondary assignments to organizations are taken into account. You can find this report in the Manager in the My One Identity Manager category. |


Identity administration

The main component of One Identity Manager maps identities with their main data and all available company resources. Identities usually represent real people but they can also be used for machines and services in One Identity Manager. IT resources, such as devices, software, and access permissions in various target systems, qualify as company resources. Resources such as mobile phones, company cars, or keys can be mapped to identities, as well.

Identities obtain company resources according to their function and their position within the company structure. One Identity Manager maps these company structures as departments, cost centers, locations, or business roles, together with the identities' memberships in them. Once company resources are assigned to the company structures, they are inherited by all the members of the company structures. This way, identities are automatically supplied with all the necessary company resources.

If you manage access permissions on all One Identity Manager tools using the application role, you obtain all of the information about current access permissions and identity responsibilities with One Identity Manager. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

One Identity Manager components for managing identities are available when the QER | Person configuration parameter is set.

  • In the Designer, check if the configuration parameter is set. If not, set the configuration parameter.


One Identity Manager users for managing identities

The following users are used for identity administration.

Table 25: Users
User Tasks

Identity administrators

Identity administrators must be assigned to the Identity Management | Identities | Administrators application role.

Users with this application role:

  • Can edit any identity's main data.

  • Assign managers to identities.

  • Can assign company resources to identities.

  • Check and authorize identity main data.

  • Create and edit risk index functions.

  • Edit password policies of identities' passwords.

  • Delete identities' security keys (WebAuthn).

  • Can see everyone's requests, attestations, and delegations and edit delegations in the Web Portal.

Responsibilities of identities

The Base roles | Identity managers application role is automatically assigned to a user if the user is a manager or supervisor of identities, departments, locations, cost centers, business roles, or IT Shops.

Users with this application role:

  • Can edit main data for the objects they are responsible for and assign company resources to them.

  • Can add new identities to the Web Portal and edit the main data of their identities.

  • Can add their identities to the IT Shop.

  • Can view their identities' compliance rule violations in the Web Portal.

  • Can create delegations for their identities in the Web Portal.

  • Can see and edit their identities' delegations in the Web Portal.

Members of this application role are determined through a dynamic role.

One Identity Manager administrators

One Identity Manager administrator and administrative system users. Administrative system users are not added to application roles.

One Identity Manager administrators:

  • Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.

  • Create system users and permissions groups for non role-based login to administration tools in the Designer as required.

  • Enable or disable additional configuration parameters in the Designer as required.

  • Create custom processes in the Designer as required.

  • Create and configure schedules as required.

  • Create and configure password policies as required.
