立即与支持人员聊天
与支持团队交流

Identity Manager 9.0 LTS - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Checking employee passwords

When you verify a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.

To verify if a password conforms to the password policy

  1. In the Manager, select the Employees > Basic configuration data > Password policies category.

  2. In the result list, select the password policy.

  3. Select the Change main data task.

  4. Select the Test tab.

  5. Select the table and object to be tested in Base object for test.

  6. Enter a password in Enter password to test.

    A display next to the password shows whether it is valid or not.

Generating passwords for testing employees

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. In the Manager, select the Employees > Basic configuration data > Password policies category.

  2. In the result list, select the password policy.

  3. Select the Change main data task.

  4. Select the Test tab.

  5. Click Generate.

    This generates and displays a password.

Informing employees about expiring passwords

There are different ways to inform users that their password is going to expire:

  • Users are alerted about their password expiring when they log in to One Identity Manager and can change their password if necessary.

  • For employee-based authentication modules, the system sends reminder notifications in relation to expiring passwords as of seven days in advance of the password expiry date.

    • You can adjust the time in days in the Common | Authentication | DialogUserPasswordReminder configuration parameter. Edit the configuration parameter in the Designer.

    • The notifications are triggered in accordance with the Reminder system user password expires schedule and use the Employee - system user password expires mail template. You can adjust the schedule and mail template in the Designer if required.

For more information about One Identity Manager authentication modules and about editing system users, see the One Identity Manager Authorization and Authentication Guide.

Displaying locked employees and system users

If a user has exceeded the maximum number of failed logins, the employee or system user will not be able to log in to One Identity Manager.

  • Locked employees are displayed in the Manager in the Employees > Locked employees category. An additional message referring to the locked login is also displayed on the overview form for an employee.

  • Locked system users are displayed in the Designer in the Permissions > System users > Locked system users category. An additional message referring to the locked login is also displayed on the overview form for a system user.

You can reset the passwords of employees and system users who have been blocked in Password Reset Portal. This unlocks the employees and system users again. For more information, see the One Identity Manager Web Designer Web Portal User Guide and the One Identity Manager Web Application Configuration Guide.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级