立即与支持人员聊天
与支持团队交流

Identity Manager 8.2.1 - Administration Guide for Connecting to Cloud Applications

Mapping cloud applications in One Identity Manager Synchronizing cloud applications through the Universal Cloud Interface Provisioning object changes Managing provisioning processes in the Web Portal Mapping cloud objects in One Identity Manager
Cloud applications Container structures in cloud applications User accounts in cloud applications Groups and system entitlements in cloud applications Permissions controls in a cloud application
Base data for managing cloud applications Default project template for cloud applications Cloud system object processing methods Configuration parameters for managing cloud applications

Specifying server functions

NOTE: All editing options are also available in the Designer under Base Data > Installation > Job server.

The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

NOTE: More server functions may be available depending on which modules are installed.
Table 32: Permitted server functions

Server function

Remark

Update server

This server automatically updates the software on all the other servers. The server requires a direct connection to the database server that One Identity Manager database is installed on. It can run SQL tasks.

The server with the One Identity Manager database installed on it is labeled with this functionality during initial installation of the schema.

SQL processing server

It can run SQL tasks. The server requires a direct connection to the database server that One Identity Manager database is installed on.

Several SQL processing servers can be set up to spread the load of SQL processes. The system distributes the generated SQL processes throughout all the Job servers with this server function.

CSV script server

This server can process CSV files using the ScriptComponent process component.

One Identity Manager Service installed

Server on which a One Identity Manager Service is installed.

SMTP host

Server from which One Identity Manager Service sends email notifications. Prerequisite for sending mails using One Identity Manager Service is SMTP host configuration.

Default report server

Server on which reports are generated.

SCIM connector

This server can connect to a cloud application.

Related topics

Cloud administrators

In One Identity Manager, you can assign employees to any cloud application, where they can synchronize it with One Identity Manager. There is a default application role for cloud administrators in One Identity Manager. Assign those employees to this application role who are authorized to configure synchronization and run manual provisioning. Create more application roles if required.

For detailed information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.

Implementing the application role for cloud administrators
  1. The One Identity Manager administrator appoints employees to be administrators for theUniversal Cloud Interface.

  2. Cloud administrators add the employees to the default application role for operators and auditors.

    Administrators of the default application role are permitted to edit all cloud applications in One Identity Manager.

  3. Administrators can authorize additional employees to be administrators and create child application roles as needed.

Table 33: Default application role for cloud administrators

User

Tasks

Cloud administrators

Cloud administrators must be assigned to the Universal Cloud Interface | Administrators application role or a child application role.

Users with this application role:

  • Manage application roles for the Universal Cloud Interface.

  • Set up other application roles as required.

  • Configure synchronization in the Synchronization Editor and define the mapping for comparing cloud applications and One Identity Manager.

  • Edit cloud application in the Manager.

  • Edit pending, manual provisioning processes in the Web Portal and obtain statistics.

  • Obtain information about the cloud objects in the Web Portal and the Manager.

To initially specify an employee as cloud administrator

  1. Log in to One Identity Manager as a Manager administrator (Base role | Administrators)

  2. Select the One Identity Manager Administration > Universal Cloud Interface > Administrators category.

  3. Select the Assign employees task.

  4. Assign the employee you want and save the changes.

To authorize additional employees as cloud administrators

  1. Login to the Universal Cloud Interface with the Manager | Administrators application role.

  2. In the Universal Cloud Interface > Basic configuration data > Universal Cloud Interface managers > Administrators category, select the application role.

  3. Select the Assign employees task.

  4. Assign the employee and save the changes.

Related topics

Cloud operators

In One Identity Manager, you can assign employees to any cloud application to run provisioning manually. There is a default application role for cloud operators in One Identity Manager. Create more application roles if required.

Table 34: Default application role for cloud operators
User Tasks

Cloud operators

The cloud operators must be assigned to the Universal Cloud Interface | Operators application role or a child application role.

Users with this application role:

  • Edit pending, manual provisioning processes in the Web Portal and obtain statistics.

TIP: If you want to limit cloud operators' access permissions to individual cloud applications, define child application roles for each cloud application.

To specify cloud operators

  1. Login to the Universal Cloud Interface with the Manager | Administrators application role.

  2. Select the Universal Cloud Interface > Basic configuration data > Cloud applications category.

  3. Select the cloud application in the result list.

  4. Select the Change main data task.

  5. On the General tab, select the application role in the Operators menu.

    - OR -

    Next to the Operators menu, click on to create a new application role.

    • Enter the application role name and assign the Universal Cloud Interface | Operators parent application role.

    • Click OK to add the new application role.

  6. Save the changes.
  7. Assign employees, who are authorized to handle provisioning operations for this cloud application, to the application role.

NOTE: You can also specify cloud operators for individual containers. Operators of a container are authorized to edit manual provisioning processes. Specify operators for containers in the Universal Cloud Interface > <cloud application> > Container structure category.

To add employees to an application role

  1. Login to the Universal Cloud Interface with the Manager | Administrators application role.

  2. In the Universal Cloud Interface > Basic configuration data > Universal Cloud Interface managers > Operators category, select the application role.

  3. Select the Assign employees task.

  4. Assign the employees you want and save the changes.

For more information about editing application roles, see the One Identity Manager Authorization and Authentication Guide.

Related topics

Cloud auditors

In One Identity Manager, you can assign employees to any cloud application, who can audit provisioning processes in the Web Portal. There is a default application role for cloud auditors in One Identity Manager. Create more application roles if required.

Table 35: Default application role for cloud auditors
User Tasks

Cloud auditors

The cloud auditors must be assigned to the Universal Cloud Interface | Auditors application role or a child application role.

Users with this application role:

  • Can view manual provisioning processes in the Web Portal and obtain statistics.

To appoint employees to be cloud auditors

  1. Login to the Universal Cloud Interface with the Manager | Administrators application role.

  2. Select the Universal Cloud Interface > Basic configuration data > Universal Cloud Interface managers > Auditors category.

  3. Select the Assign employees task.

  4. Assign the employees you want and save the changes.

To create additional application roles for cloud auditors

  1. Login to the Universal Cloud Interface with the Manager | Administrators application role.

  2. Select the Universal Cloud Interface > Basic configuration data > Universal Cloud Interface managers > Auditors category.

  3. Click in the result list.

  4. Edit the application role's main data.
    • Enter the application role name and assign the parent Universal Cloud Interface | Auditors application role or a child application role.

  5. Save the changes.
Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级