立即与支持人员聊天
与支持团队交流

Identity Manager 8.2 - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface environments Synchronizing a cloud application in the Universal Cloud Interface Provisioning object changes Managing cloud user accounts and employees Managing memberships in cloud groups Login information for cloud user accounts Mapping cloud objects in One Identity Manager
Cloud target systems Container structures Cloud user accounts Cloud groups Cloud system entitlements Cloud permissions controls Reports about objects in cloud target systems
Handling cloud objects in the Web Portal Basic data for managing a Universal Cloud Interface environment Configuration parameters for managing cloud target systems Default project template for cloud applications in the Universal Cloud Interface

Deleting cloud permissions controls

This deletes the permissions control completely from the One Identity Manager database. Once you have deleted a permissions control, it is also deleted in the Universal Cloud Interface Module through the provisioning process and then in the cloud application. The deletion is logged as a pending change. You can see whether the permissions control has been deleted in the cloud application from the process status for the pending change. The same applies if permissions control assignments to user accounts or groups are deleted.

To delete a permissions control

  1. In Manager, select the Cloud Target Systems > <target system> > Permissions controls category.

  2. Select the permissions control in the result list.

  3. Click to delete the permissions control.

  4. Confirm the security prompt with Yes.
Related topics

Reports about objects in cloud target systems

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for cloud systems.

NOTE: Other sections may be available depending on the which modules are installed.

Table 41: Data quality target system report

Report

Published for

Description

Show overview

User account

This report shows an overview of the user account and the assigned permissions.

Show overview including origin

User account

This report shows an overview of the user account and origin of the assigned permissions.

Show overview including history

User account

This report shows an overview of the user accounts including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts overview (incl. history)

Container

This report shows all the container's user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show system entitlements overview (incl. history)

Container

This report shows the container's system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Overview of all assignments

Container

This report finds all roles containing employees with at least one user account in the selected container.

Overview of all assignments

System entitlement

group

This report finds all roles containing employees who have the selected system entitlement.

Show overview

System entitlement

group

This report shows an overview of the system entitlement and its assignments.

Show overview including origin

System entitlement

group

This report shows an overview of the system entitlement and origin of the assigned user accounts.

Show overview including history

System entitlement

group

This report shows an overview of the system entitlement and including its history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show entitlement drifts

Cloud target system

This report shows all system entitlements that are the result of manual operations in the target system rather than provisioned by One Identity Manager.

Show user accounts overview (incl. history)

Cloud target system

This report returns all the user accounts with their permissions including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Show user accounts with an above average number of system entitlements

Cloud target system

This report contains all user accounts with an above average number of system entitlements.

Show employees with multiple user accounts

Cloud target system

This report shows all the employees that have multiple user accounts. The report contains a risk assessment.

Show system entitlements overview (incl. history)

Cloud target system

This report shows the system entitlements with the assigned user accounts including a history.

Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.

Overview of all assignments

Cloud target system

This report finds all roles containing employees with at least one user account in the selected target system.

Show unused user accounts

Cloud target system

This report contains all user accounts, which have not been used in the last few months.

Show orphaned user accounts

Cloud target system

This report shows all user accounts to which no employee is assigned.

Table 42: Additional reports for the target system

Report

Description

Cloud target systems user account and group administration

This report contains a summary of user account and group distribution in all cloud target systems. You can find this report in My One Identity Manager.

Cloud Target Systems Data Quality Summary

This report contains different evaluations of user account data quality in all cloud target systems. You can find this report in My One Identity Manager.

Related topics

Handling cloud objects in the Web Portal

One Identity Manager enables its users to perform various tasks simply using a Web Portal.

  • Managing user accounts and employees

    An account definition can be requested by shop customers in the Web Portal if it is assigned to an IT Shop shelf. The request undergoes a defined approval process. The user account is not created until it has been agreed by an authorized person, such as a manager.

  • Managing assignments of groups and system entitlements

    These products can be requested in the Web Portal by the shop's customers by assigning groups and system entitlements to an IT Shop shelf. The request undergoes a defined approval process. The group or system entitlement is not assigned until it has been approved by an authorized person.

    In the Web Portal, managers and administrators of organizations can assign system entitlements to the departments, cost centers, or locations for which they are responsible. The system entitlements and groups are inherited by all employees who are members of these departments, cost centers, or locations.

    If the Business Roles Module is available, managers and administrators of business roles can assign groups and system entitlements to the business roles in the Web Portal for which they are responsible. The groups and system entitlements are inherited by all employees who are members of these business roles.

    If the System Roles Module is available, those with system roles responsibilities can assign groups and system entitlements to the system roles in the Web Portal. The groups and system entitlements are inherited by all employees to whom these system roles are assigned.

  • Attestation

    If the Attestation Module is available, the correctness of the properties of target system objects and of entitlement assignments can be verified on request. To enable this, attestation policies are configured in the Manager. The attestors use the Web Portal to approve attestation cases.

  • Governance administration

    If the Compliance Rules Module is available, you can define rules that identify the invalid group memberships and evaluate their risks. The rules are checked regularly, and if changes are made to the objects in One Identity Manager. Compliance rules are defined in the Manager. Supervisors use the Web Portal to check and resolve rule violations and to grant exception approvals.

    If the Company Policies Module is available, company policies can be defined for the target system objects mapped in One Identity Manager and their risks evaluated. Company policies are defined in the Manager. Supervisors use the Web Portal to check policy violations and to grant exception approvals.

  • Risk assessment

    You can use the risk index of groups to evaluate the risk of entitlement assignments for the company. One Identity Manager provides default calculation functions for this. The calculation functions can be modified in the Web Portal.

  • Reports and statistics

    The Web Portal provides a range of reports and statistics about the employees, user accounts, and their entitlements and risks.

For more information about the named topics, see Managing cloud user accounts and employees, Managing memberships in cloud groups, and the following guides:

  • One Identity Manager Web Designer Web Portal User Guide

  • One Identity Manager Attestation Administration Guide

  • One Identity Manager Compliance Rules Administration Guide

  • One Identity Manager Company Policies Administration Guide

  • One Identity Manager Risk Assessment Administration Guide

Basic data for managing a Universal Cloud Interface environment

The following data is relevant for managing cloud application in the Cloud Systems Management Module.

  • Configuration parameter

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data > General > Configuration parameters category.

    For more information, see Configuration parameters for managing cloud target systems.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained with the target system types and settings are configured for provisioning memberships and single objects synchronization. Target system types also map objects in the Unified Namespace.

    For more information, see Post-processing outstanding objects.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

    For more information, see Account definitions for cloud user accounts.

  • Password policy

    One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

    Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.

    For more information, see Password policies for cloud user accounts.

  • Initial password for new user accounts

    You have the different options for issuing an initial password for user accounts. Enter a password or use a random generated initial password when you create a user account.

    For more information, see Initial password for new cloud user accounts.

  • Email notifications about credentials

    When a new user account is created, the login data are sent to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.

    For more information, see Email notifications about login data.

  • Target system managers

    A default application role exists for the target system manager in One Identity Manager. Assign the employees who have permission to edit all cloud target system in One Identity Manager to this application role.

    Define additional application roles if you want to limit the permissions for target system managers to individual cloud target systems. The application roles must be added under the default application role.

    For more information, see Target system managers.

  • Servers

    Servers and their server functionality must be declared to handle target system-specific processes in the One Identity Manager. For example, the synchronization server.

    For more information, see Job server for Universal Cloud Interface-specific process handling.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级