立即与支持人员聊天
与支持团队交流

Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Reactivate permanently deactivated identities

Identities that are permanently deactivated can be re-enabled if they were not disabled by certification.

To reactivate an identity

  1. In the Manager, select the Identities > Inactive identities category.

  2. Select the identity in the result list.

  3. Select the Reactivate identity task.

  4. Confirm the security prompt with Yes if the identity should be enabled.

    On the main data form for the identity, the Permanently deactivated option is not set. The end date and last working day are deleted assuming the dates are past.

  5. Save the changes.
Related topics

Deferred deletion of identities

When an identity is deleted, it is tested to see if user accounts and company resources are still assigned, or if there are still any requests pending in the IT Shop. The identity is marked for deletion and therefore locked out of further processing.

By default, identities are finally deleted from the database after 30 days. During this period it is possible to re-activate the identity. A restore is not possible once deferred deletion has expired.

In the Designer, you can set an alternative delay on the Person table. For more information on configuring the deferred deletion, refer to the One Identity Manager Configuration Guide.

Before an identity can finally be deleted from the One Identity Manager database, you need to delete all company resource assignments and close all requests. You can do this manually or implement custom processes to do it.

All the user accounts linked to an identity could be deleted by default by One Identity Manager once this identity has been deleted. If no more company resources are assigned, the identity is deleted permanently. For more information, see the One Identity Manager Target System Base Module Administration Guide.

Related topics

Deleting all personal data

A procedure called QER_PPersonDelete_GDPR is provided to support the special process for deleting personal data, which implements the General Data Protection Regulation (GDPR) of the European Union. You can use this procedure to delete all data relating to a person from the One Identity Manager database. For certain dependencies, processes that are handled by the One Identity Manager Service are created by the procedure.

NOTE: While this procedure is running, the database does not allow any triggers. Therefore, it is recommended to only run the procedure in maintenance periods.

You can run the procedure in any program suitable for running SQL queries.

Calling syntax:

exec QER_PPersonDelete_GDPR ' <identity UID from Person table, UID_Person column>'

NOTE: Personal data may be subject to further regulations such as legal retention periods. Personal data from the One Identity Manager History Database is not automatically deleted by default because of this. It is recommended to operate One Identity Manager History Databases that correspond to the report periods. After a specified reporting period has expired, you can set up a new One Identity Manager History Database. You set up custom processes for deleting personal data.

Limited access to One Identity Manager

NOTE: This function is only available if the Attestation Module is installed.

Users who only have temporary or limited access to the One Identity Manager can log in through the Web Portal. This functionality can be used, for example, if external employees, such as contract workers, should be provided with temporary access to the One Identity Manager. These identity can log in to the Web Portal as new workers. New identities are added for them in the One Identity Manager database.

If you make use of this functionality, take note of the following:

  • In One Identity Manager, an identity with the following properties is created:

    • Certification status: New

    • Permanently deactivated: Set

    • No inheritance: Set

  • If the QER | Attestation | UserApproval configuration parameter is set, the new identity is attested automatically.

  • To assign company resources to the identity or to ensure permissions in One Identity Manager, implement custom processes.

For more information about attestation, see the One Identity Manager Attestation Administration Guide.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级