
Identity Manager 9.0 LTS - Identity Management Base Module Administration Guide


Editing mail templates for employees

For more information about creating and editing mail templates, see the One Identity Manager Operational Guide.

A mail template consists of general main data such as target format, importance, or mail notification confidentiality, and one or more mail definitions. Mail text is defined in several languages in the mail template. This ensures that the language of the recipient is taken into account when the email is generated.


Employee's central user account

Table 28: Configuration parameter for forming the central user accounts
Configuration parameter Meaning

QER | Person | CentralAccountGlobalUnique

Specifies how the central user account is mapped.

If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems.

If the configuration parameter is not set, the central user account is only formed uniquely in relation to the central user accounts of all employees.

The employee’s central user account is used to form the user account login name in the active system. The central user account is also used for logging in to the One Identity Manager tools. In the One Identity Manager default installation, the central user account is made up of the first and the last name of the employee. If only one of these is known, it is used for the central user account. One Identity Manager checks whether a central user account with that value already exists. If it does, an incremental number is added to the end of the value.

Table 29: Example of forming central user accounts

| First name | Last name | Central user account |
|---|---|---|
| Jo | | JO |
| | User1 | J |
| Jo | User1 | JOU |
| Jo | User2 | JOU1 |
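The uniqueness check described above can be modeled as follows. This is an added example, not One Identity Manager code: it shows how the name chosen for a new employee differs depending on whether QER | Person | CentralAccountGlobalUnique is set, and how to spot central accounts that already clash with target system account names. The function names, the case-insensitive comparison, and the sample inventory are assumptions made for illustration.

```python
# Added illustration, not One Identity Manager code: a model of the
# uniqueness check described above. All sample data is constructed.

def next_free_name(candidate, taken):
    """Return candidate, or candidate plus the first free incremental number."""
    base = candidate.upper()          # Table 29 shows upper-case account names
    if base not in taken:
        return base
    n = 1
    while f"{base}{n}" in taken:
        n += 1
    return f"{base}{n}"

def form_central_account(candidate, central_accounts, target_accounts, global_unique):
    """global_unique models QER | Person | CentralAccountGlobalUnique.

    Not set: unique only among employees' central user accounts.
    Set:     also unique against user account names of the target systems.
    """
    taken = {name.upper() for name in central_accounts}
    if global_unique:
        taken |= {name.upper() for name in target_accounts}
    return next_free_name(candidate, taken)

def audit_collisions(central_accounts, target_accounts):
    """Central accounts whose name is already a target system account name
    that belongs to someone else (or to nobody, e.g. an unlinked account)."""
    hits = []
    for name, employee in central_accounts.items():
        owner = target_accounts.get(name, employee)
        if owner != employee:
            hits.append(name)
    return sorted(hits)

# Constructed inventory: account name -> owning employee (None = unlinked).
CENTRAL = {"JO": "emp-1", "JOU": "emp-2"}
TARGET = {"JOU": "emp-2", "JOU1": None}

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, form_central_account("jou", CENTRAL, TARGET, flag))
    # Outcome of leaving the parameter unset: emp-3 is given JOU1.
    print(audit_collisions({**CENTRAL, "JOU1": "emp-3"}, TARGET))
```

With the parameter unset, the new employee receives a name that an unlinked target system account already uses, so a login name derived from it would refer to an existing account that belongs to nobody in the employee data.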

Employee's default email address

The employee’s default email address is displayed on the mailboxes in the activated target system. In the One Identity Manager default installation, the default email address is formed from the employee’s central user account and the default mail domain of the active target system.

The default mail domain is determined using the QER | Person | DefaultMailDomain configuration parameter.

  • In the Designer, set the configuration parameter and enter the default mail domain name as a value.

Employee's central password

An employee's central password can be used for logging into the target systems and for logging in to One Identity Manager. Depending on the configuration, an employee's central password is replicated to their user accounts and their system user password.

  • To publish the change in an employee's central user password to all existing user accounts of the employee, check in the Designer if the QER | Person | UseCentralPassword configuration parameter is set. If not, set the configuration parameter.

  • To copy an employee's central password to their system user password for logging in, in the Designer, check if the QER | Person | UseCentralPassword | SyncToSystemPassword configuration parameter is set. If not, set the configuration parameter.

  • If an employee’s system user account must be unlocked when the central password is given, in the Designer, check if the QER | Person | UseCentralPassword | SyncToSystemPassword | UnlockByCentralPassword configuration parameter is set. If not, set the configuration parameter.

NOTE:

  • The password policy named Employee central password policy is applied to an employee's central password. Ensure that this password policy does not violate the target system-specific password policies.

  • Use the QER | Person | UseCentralPassword | CheckAllPolicies configuration parameter to specify whether the employee’s central password is tested against the password policies of all target systems in which the employee has user accounts. This test is only carried out in the Password Reset Portal.

  • An employee's central password is published to a user account only if the user account's target system is synchronized by the One Identity Manager.

  • If a target system is read-only, an employee's central password is not propagated to user accounts in that target system.

  • An employee's central password is not replicated to privileged user accounts of the employee.

  • If a password cannot be changed due to an error, the employee receives a corresponding email notification.

  • To replicate an employee's central password to a password column of a customer-specific user account table, in the Designer, define a ViewAddOn for the QERVPersonCentralPwdColumn view. The database view returns the password column of the user account tables. The user account table must have a reference to the employee (UID_Person) and a XMarkedForDeletion column. For more information about modifying the One Identity Manager schema, see the One Identity Manager Configuration Guide.

  • If you want to map additional user-specific features, overwrite the QER_Publish_CentralPassword script. For more information about editing scripts, see the One Identity Manager Configuration Guide.

  • The central password, the system user password, and the user account passwords can be changed by using the Password Reset Portal. For more information, see the One Identity Manager Web Designer Web Portal User Guide and the One Identity Manager Web Application Configuration Guide.
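The first note asks that the central password policy not violate the target systems' password policies. The following added example (not One Identity Manager code) checks that statically: it reports every way a password accepted by the central policy could still be rejected by a target system. The `Policy` fields are a simplified, hypothetical subset of password policy settings, and the three target policies are constructed.

```python
# Added illustration, not One Identity Manager code. The policy attributes
# below are a simplified, hypothetical subset of what a password policy holds.
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    min_length: int
    max_length: int
    required: frozenset = frozenset()   # character classes that must occur
    forbidden: frozenset = frozenset()  # character classes that must not occur

def conflicts(central, target):
    """Reasons a password valid under `central` can be rejected by `target`."""
    issues = []
    if central.min_length < target.min_length:
        issues.append(f"min length {central.min_length} < {target.min_length}")
    if central.max_length > target.max_length:
        issues.append(f"max length {central.max_length} > {target.max_length}")
    not_enforced = target.required - central.required
    if not_enforced:
        issues.append("not required centrally: " + ", ".join(sorted(not_enforced)))
    still_allowed = target.forbidden - central.forbidden
    if still_allowed:
        issues.append("allowed centrally: " + ", ".join(sorted(still_allowed)))
    return issues

def find_policy_conflicts(central, targets):
    """Map target policy name -> conflicts; compatible targets are omitted."""
    report = {}
    for target in targets:
        found = conflicts(central, target)
        if found:
            report[target.name] = found
    return report

# Constructed policies for three hypothetical target systems.
CENTRAL_POLICY = Policy("Employee central password policy", 8, 64,
                        frozenset({"lower", "digit"}))
TARGET_POLICIES = [
    Policy("directory-A", 12, 128, frozenset({"lower", "upper", "digit"})),
    Policy("legacy-B", 6, 16, forbidden=frozenset({"special"})),
    Policy("app-C", 8, 64, frozenset({"lower"})),
]

if __name__ == "__main__":
    for name, found in find_policy_conflicts(CENTRAL_POLICY, TARGET_POLICIES).items():
        print(name, found)
```

Any target system that appears in the report is one where replication of a centrally valid password can fail, which is the error case that triggers the email notification mentioned in the notes.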
