立即与支持人员聊天
与支持团队交流

Identity Manager On Demand - Starling Edition Hosted - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Predefined password policies

You can customize predefined password policies to meet your own requirements if necessary.

Password for logging in to One Identity Manager

The One Identity Manager password policy is applied for logging in to One Identity Manager. This password policy defines the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).

NOTE: The One Identity Manager password policy is marked as the default policy. This password policy is applied if no other password policy can be found for identities, user accounts, or system users.

Password policy for forming identities' central passwords

An identity's central password is formed from the target system specific user accounts by respective configuration. The Identity central password policy defines the settings for the (Person.CentralPassword) central password. Members of the Identity Management | Identities | Administrators application role can adjust this password policy.

IMPORTANT: Ensure that the Identity central password policy does not violate the target system-specific requirements for passwords.

Password policies for user accounts

Predefined password policies are provided, which you can apply to the user account password columns of the user accounts. You can define password policies for user accounts for various base objects, for example, for account definitions, manage levels, or target systems.

For more information about password policies for user accounts, see the administration guides of the target systems.

Related topics

Applying identity password policies

The One Identity Manager password policy and Identity central password policy are predefined password policies for identities' central passwords.

You can assign custom password policies to identities' password columns. You can also assign the password policies to departments, cost centers, locations, or business roles, and therefore apply password policies depending on the identities' organizational classification.

Which password policy is applied to an identity is determined in the following order:

  1. Password policy of the identity's primary business role

  2. Password policy of the identity's primary department

  3. Password policy of the identity's primary location

  4. Password policy of the identity's primary cost center

  5. General password policy for identities' passwords

  6. The One Identity Manager password policy (default policy)

Related topics

Changing the password policy for password columns

If you do not want to apply the predefined password policy to the password column of identities, change the password policy assignment to the base object in the Manager.

To change a password policy's assignment

  1. In the Manager, select the Identities > Basic configuration data > Password policies category.

  2. Select the password policy in the result list.

  3. Select the Assign objects task.

  4. In the Assignments pane, select the assignment you want to change.

  5. From the Password Policies menu, select the new password policy you want to apply.

  6. Save the changes.

Assigning password policies to departments, cost centers, locations, and business roles

You can assign the password policies for forming an identity's system user password, the passcode, and an identity's central password to departments, cost centers, locations, and business roles.

NOTE: If you want to use the assignment of a password policy through company structures, you need to decide whether to use either departments, cost centers, locations, or business roles. Otherwise, performance problems may occur when determining the valid password policy. A large number of hierarchy levels could also lead to performance problems when determining the password policy to apply.

To reassign a password policy

  1. In the Manager, select the Identities > Basic configuration data > Password policies category.

  2. Select the password policy in the result list.

  3. Select the Assign objects task.

  4. Click Add in Assignments and enter the following data.

    • Apply to: Application scope of the password policy.

      To specify an application scope

      1. Click next to the field.

      2. Under Table, select the table that contains the basic objects. You have the following options:

        • Department: Departments.

        • Org: Business roles.

          NOTE: This table is only available if the Business Roles Module is installed.

        • Locality: Locations.

        • Profitcenter: Cost centers.

      3. Under Apply to, select the specific department, cost center, location, or business role.

      4. Click OK.

    • Password column: Name of the password column. You have the following options:

      • Person - CentralPassword: Central password of the identity.

      • Person - DialogUserPassword: System user password of the identity.

      • Person - Passcode: Passcode of the identity.

    • Password policy: Name of the password policy to use.

  5. Save the changes.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级