
Identity Manager 8.2.1 - Authorization and Authentication Guide


User account

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials

The authentication module uses the Active Directory login data of the user currently logged in on the workstation.

Prerequisites

  • The system user with permissions exists in the One Identity Manager database.

  • The employee exists in the One Identity Manager database.

  • Permitted logins are entered in the employee's main data. The logins are expected in the form: domain\user.

  • The system user is entered in the employee's main data.

Set as default: No

Single sign-on: Yes

Front-end login allowed: Yes

Web Portal login allowed: Yes

Remarks

All employee logins saved in the One Identity Manager database are found. The employee whose login data matches that of the current user is used for logging in.

If an employee has more than one identity, the QER | Person | MasterIdentity | UseMasterForAuthentication configuration parameter controls which employee identity is used for authentication.

  • If this configuration parameter is set, the employee’s main identity is used for authentication.

  • If this configuration parameter is not set, the employee’s subidentity is used for authentication.

The user interface and permissions are loaded through the system user that is directly assigned to the employee found.

Data modifications are attributed to the current user account.
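
An added example, not taken from the One Identity documentation: a check over an exported list of employee records that tests the prerequisites above (logins in the form domain\user, a system user entered for each employee) and reports logins that match more than one employee record. The record layout, field names and sample values are constructed for illustration and are not One Identity Manager schema names.

```python
import re
from collections import defaultdict

# Constructed sample export. Field names are hypothetical, not One Identity Manager schema names.
EMPLOYEES = [
    {"employee": "Alex Baker", "logins": ["CORP\\abaker"], "system_user": "helpdesk"},
    {"employee": "Bo Chen", "logins": ["corp\\ABaker"], "system_user": "viewer"},
    {"employee": "Dana Cole", "logins": ["dcole@corp.example"], "system_user": "viewer"},
    {"employee": "Eli Frost", "logins": ["CORP\\efrost", "LAB\\efrost"], "system_user": None},
]

# domain\user: exactly one backslash between a non-empty domain and a non-empty user name.
LOGIN_FORM = re.compile(r"^[^\\/@\s]+\\[^\\/@\s]+$")


def audit_permitted_logins(employees):
    """Return (malformed, ambiguous, no_system_user) findings for manual review."""
    malformed, no_system_user = [], []
    owners = defaultdict(set)
    for rec in employees:
        for login in rec["logins"]:
            if LOGIN_FORM.match(login):
                # Windows account names are case-insensitive, so normalise before grouping.
                owners[login.lower()].add(rec["employee"])
            else:
                malformed.append((rec["employee"], login))
        if not rec["system_user"]:
            no_system_user.append(rec["employee"])
    # A login listed for several employee records makes the login-to-employee match ambiguous.
    ambiguous = {l: sorted(n) for l, n in owners.items() if len(n) > 1}
    return malformed, ambiguous, no_system_user


if __name__ == "__main__":
    malformed, ambiguous, no_system_user = audit_permitted_logins(EMPLOYEES)
    for name, login in malformed:
        print(f"not in domain\\user form: {login!r} ({name})")
    for login, names in ambiguous.items():
        print(f"login {login!r} is listed for several employees: {', '.join(names)}")
    for name in no_system_user:
        print(f"no system user entered: {name}")
```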

User account (role-based)

NOTE: This authentication module is available if the Identity Management Base Module is installed.

Credentials

The authentication module uses the Active Directory login data of the user currently logged in on the workstation.

Prerequisites

  • The employee exists in the One Identity Manager database.

  • Permitted logins are entered in the employee's main data. The logins are expected in the form: domain\user.

  • The employee is assigned at least one application role.

Set as default: No

Single sign-on: Yes

Front-end login allowed: Yes

Web Portal login allowed: Yes

Remarks

All employee logins saved in the One Identity Manager database are found. The employee whose login data matches that of the current user is used for logging in.

If an employee has more than one identity, the QER | Person | MasterIdentity | UseMasterForAuthentication configuration parameter controls which employee identity is used for authentication.

  • If this configuration parameter is set, the employee’s main identity is used for authentication.

  • If this configuration parameter is not set, the employee’s subidentity is used for authentication.

A dynamic system user is determined from the employee's application roles. The user interface and the permissions are loaded through this system user.

Data modifications are attributed to the current user account.

Account based system user

NOTE: This authentication module is available if the Configuration Module is installed.

Credentials

The authentication module uses the Active Directory login data of the user currently logged in on the workstation.

Prerequisites

  • The system user with permissions exists in the One Identity Manager database.

  • Permitted logins are entered in the system user's main data. The logins are expected in the form: domain\user.

Set as default: No

Single sign-on: Yes

Front-end login allowed: Yes

Web Portal login allowed: No

Remarks

All system user logins saved in the One Identity Manager database are found. The system user whose login data matches that of the current user is used for logging in.

The user interface and the permissions are loaded through the system user.

Data modifications are attributed to the current user account.

Active Directory user account

NOTE: This authentication module is available if the Active Directory Module is installed.

Credentials

The authentication module uses the Active Directory login data of the user currently logged in on the workstation.

Prerequisites

  • The system user with permissions exists in the One Identity Manager database.

  • The employee exists in the One Identity Manager database.

  • The system user is entered in the employee's main data.

  • The Active Directory user account exists in the One Identity Manager database and the employee is entered in the user account's main data.

Set as default: Yes

Single sign-on: Yes

Front-end login allowed: Yes

Web Portal login allowed: Yes

Remarks

The appropriate user account is found in the One Identity Manager database through the user's SID and the domain given at login. One Identity Manager determines which employee is assigned to the user account.

If an employee has more than one identity, the QER | Person | MasterIdentity | UseMasterForAuthentication configuration parameter controls which employee identity is used for authentication.

  • If this configuration parameter is set, the employee’s main identity is used for authentication.

  • If this configuration parameter is not set, the employee’s subidentity is used for authentication.

The user interface and permissions are loaded through the system user that is directly assigned to the employee found. If a system user is not assigned to the employee, the system user from the SysConfig | Logon | DefaultUser configuration parameter is used.

Data modifications are attributed to the current user account.

NOTE: If the Connect automatically option is set, authentication is no longer necessary for subsequent logins.
