Through their user group, the user receives the required entitlements, for example, for requesting a password for an asset account or a session for the accounts and assets in the Privileged Account Management system.
All local user groups and directory groups of an appliance are imported into One Identity Manager during synchronization. You can only edit limited features of user groups in One Identity Manager. For example, you adjust local user groups for use in IT Shop and assign them to user accounts.
Related topics
To edit group master data
-
In the Manager, select the Privileged Account Management | User groups category.
-
Select the group in the result list and run the Change master data task.
-
On the master data form, edit the master data for the group.
- Save the changes.
Related topics
On the General tab, edit the following master data.
Table 30: General master data for a user group
|
Name |
Name of the user group |
| Appliance |
Appliance to which the user group belongs. |
|
Service item |
Service item data for requesting the group through the IT Shop. |
|
IT Shop |
Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles. |
|
Only for use in IT Shop |
Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is not permitted. |
|
Risk index |
Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is activated.
For more detailed information, see the One Identity Manager Risk Assessment Administration Guide. |
|
Category |
Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Select one or more categories from the menu. |
|
Description |
Text field for additional explanation. |
|
Authentication provider |
Directory name (only for directory groups). |
| Target system group |
Group in Active Directory or LDAP (only for directory groups). |
| Read only memberships |
The directory group is read-only (only for directory groups). The memberships are maintained in the directory, for example in Active Directory or LDAP. |
|
Created on |
Time at which the user account was created. |
|
Created by |
User who created the user account. |
Related topics
After you have entered the master data, you can run the following tasks.
