立即与支持人员聊天

获得即时帮助
完成注册

登录

请求定价

联系销售人员

Identity Manager 8.2.1 - Administration Guide for Connecting Unix-Based Target Systems

Managing Unix-based systems

Architecture overview One Identity Manager users for managing Unix-based target systems Configuration parameters for managing Unix-based target systems

Synchronizing Unix-based target systems

Setting up initial synchronization with a Unix host

Users and permissions for synchronizing with a Unix-based target system Configuring Unix the host Setting up a synchronization server for Unix-based target systems

System requirements for the Unix synchronization server Installing One Identity Manager Service with a Unix or AIX connector

Creating a synchronization project for initial synchronization of a Unix host

Information required for setting up a synchronization project Creating an initial synchronization project for a Unix host

Configuring the synchronization log

Customizing the synchronization configuration

Configuring Unix host synchronization Configuring synchronization of several Unix hosts Changing system connection settings of Unix hosts

Editing connection parameters in the variable set Editing target system connection properties

Updating schemas Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Running synchronization

Starting synchronization Deactivating synchronization Displaying synchronization results Synchronizing single objects

Tasks following synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing Unix user accounts through account definitions

Troubleshooting Ignoring data error in synchronization

Managing Unix user accounts and employees

Account definitions for Unix user accounts

Creating account definitions Editing account definitions Main data for an account definition Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels Creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions to the IT Shop

Assigning account definitions to Unix hosts Deleting account definitions

Assigning employees automatically to Unix user accounts

Editing search criteria for automatic employee assignment Finding employees and directly assigning them to user accounts Changing manage levels for Unix user accounts

Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Specifying deferred deletion for Unix user accounts

Managing memberships in Unix groups

Assigning Unix groups to Unix user accounts

Prerequisites for indirect assignment of Unix groups to Unix user accounts Assigning Unix groups to departments, cost centers and locations Assigning Unix groups to business roles Adding Unix groups to system roles Adding Unix groups to the IT Shop

Removing Unix groups from an IT Shop shelf Removing Unix groups from all IT Shop shelves

Assigning Unix user accounts directly to Unix groups Assigning Unix groups directly to Unix user accounts

Effectiveness of membership in Unix user groups Unix group inheritance based on categories Overview of all assignments

Login information for Unix user accounts

Password policies for Unix user accounts

Predefined password policies Using password policies Creating password policies Editing password policies General main data for password policies Character classes for passwords Policy settings Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Password exclusion list Checking a password Testing password generation

Initial password for new Unix user accounts Email notifications about login data

Mapping of Unix objects in One Identity Manager

General main data of Unix hosts Defining categories for the inheritance of entitlements Editing the synchronization project for a Unix host Displaying the Unix hosts overview Displaying Unix login shells

Unix user accounts

Creating and editing Unix user accounts General main data of Unix user accounts User account main data for AIX systems

Limits for user accounts Password data for user accounts Security-relevant user account main data Main data for user accounts on an encrypted file system

Assigning extended properties to Unix user accounts Disabling AIX system user accounts Deleting and restoring Unix user accounts Displaying the Unix user account overview

Editing main data of Unix groups General main data for Unix groups Adding Unix groups to Unix groups Assigning extended properties to Unix groups Deleting Unix groups Displaying the Unix group overview

Reports about Unix objects

Handling of Unix objects in the Web Portal Basic data for Unix-based target systems

Target system managers Job server for Unix-specific process handling

General main data for a Job server Server functions of a Job server

Configuration parameters for managing Unix-based target systems Default project template for Unix-based target systems Unix connector settings

Assigning Unix groups to business roles

NOTE: This function is only available if the Business Roles Module is installed.

Assign the group to business roles so that the group is assigned to user accounts through these business roles.

To assign a group to a business role (non role-based login)

In the Manager, select the Unix > Groups category.
Select the group in the result list.
Select the Assign business roles task.
In the Add assignments pane, select the role class and assign business roles.
TIP: In the Remove assignments pane, you can remove assigned business roles.

To remove an assignment
- Select the business role and double-click .
Save the changes.

To assign groups to a business role (non role-based login or role-based login)

In the Manager, select the Business roles > <role class> category.
Select the business role in the result list.
Select the Assign Unix groups task.
In the Add assignments pane, assign the groups.
TIP: In the Remove assignments pane, you can remove the assignment of groups.

To remove an assignment
- Select the group and double-click .
Save the changes.

Related topics

Adding Unix groups to system roles

NOTE: This function is only available if the System Roles Module is installed.

Use this task to add a group to system roles.

If you assign a system role to employees, all Unix user accounts owned by this employee inherit the group.

NOTE: Groups with Only use in IT Shop set can only be assigned to system roles that also have this option set. For more information, see the One Identity Manager System Roles Administration Guide.

To assign a group to system roles

In the Manager, select the Unix > Groups category.
Select the group in the result list.
Select the Assign system roles task.
In the Add assignments pane, assign system roles.
TIP: In the Remove assignments pane, you can remove assigned system roles.

To remove an assignment
- Select the system role and double-click .
Save the changes.

Related topics

Adding Unix groups to the IT Shop

Once a group has been assigned to an IT Shop shelf, it can be requested by the shop customers. To ensure it can be requested, further prerequisites need to be guaranteed.

The group must be labeled with the IT Shop option.
The group must be assigned to a service item.
If you want the group to be assigned only to employees through the IT Shop, the group must also be marked with the Only use in IT Shop. Direct assignment to hierarchical roles may not be possible.

NOTE: IT Shop administrators can assign groups to the IT Shop shelves if login is role-based. Target system administrators are not authorized to add groups in the IT Shop.

To add a group to the IT Shop

In the Manager, select the Unix > Groups (non role-based login) category.

- OR -

In the Manager, select the Entitlements > Unix groups (role-based login) category.
Select the group in the result list.
Select the Add to IT Shop task.
In the Add assignments pane, add to the IT Shop shelves.
Save the changes.

For detailed information about requesting company resources through the IT Shop, see the One Identity Manager IT Shop Administration Guide.

Related topics

Removing Unix groups from an IT Shop shelf

To remove a group from individual IT Shop shelves

In the Manager, select the Unix > Groups (non role-based login) category.

- OR -

In the Manager, select the Entitlements > Unix groups (role-based login) category.
Select the group in the result list.
Select the Add to IT Shop task.
In the Remove assignments pane, remove the group from the IT Shop shelves.
Save the changes.

Related topics

Removing Unix groups from all IT Shop shelves

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级

© ALL RIGHTS RESERVED. Feedback 使用条款隐私 Cookie Preference Center