
Identity Manager 9.0 LTS - Identity Management Base Module Administration Guide


Specifying scope limits for extended properties

You can subdivide extended properties by specifying scoped limits. You are not obliged to enter a scoped limit. If you do enter a lower boundary, you are not required to enter an upper one. However, if you specify an upper boundary, you have to enter a lower one.

Take note of the following when defining scoped limits:

  • Basically, any string is permitted as a lower or upper scoped limit.

  • You can use * as a wildcard for any number of characters (including none).

  • Wildcards can only be added to the end of a string, for example, AB*. Strings such as *AB or A*B are not allowed.

  • If you enter a lower boundary without a wildcard, you cannot use a wildcard in the upper boundary.

The following restrictions apply for the length of the string:

  • If you enter a lower and upper boundary without a wildcard, the strings have to be the same length, for example, lower boundary 123/upper boundary 456. A lower boundary of 123 with an upper boundary of 45 is not permitted, nor is a lower boundary of 123 with an upper boundary of 4567.

  • If you use a wildcard in the lower boundary but none in the upper boundary, the upper boundary string must be the same length as or longer than the lower boundary string.

  • If you use a wildcard in the lower and upper boundary, they have to be the same length, for example, lower boundary 123*/upper boundary 456*. A lower boundary of 123* with an upper boundary of 45* is not permitted, nor is a lower boundary of 123* with an upper boundary of 4567*.
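
The rules above, written out as a validator. This is an added example, not One Identity code: the function name check_scope_limits is hypothetical, and two points the page leaves open are treated as assumptions (a bare * is rejected, and string length is counted without the trailing wildcard).

```python
from typing import List, Optional


def check_scope_limits(lower: Optional[str] = None,
                       upper: Optional[str] = None) -> List[str]:
    """Return the rule violations for a lower/upper pair ([] means valid)."""
    errors: List[str] = []
    if not lower:
        # Both limits are optional, but an upper boundary needs a lower one.
        if upper:
            errors.append("upper boundary requires a lower boundary")
        return errors

    parsed = []
    for name, value in (("lower", lower), ("upper", upper)):
        if not value:
            continue
        has_wildcard = value.endswith("*")
        prefix = value[:-1] if has_wildcard else value
        if "*" in prefix:
            errors.append(f"{name}: wildcard is only allowed at the end")
        elif has_wildcard and not prefix:
            # Assumption: the page does not cover a bare "*"; rejected here.
            errors.append(f"{name}: wildcard needs a leading string")
        parsed.append((prefix, has_wildcard))
    if errors or len(parsed) < 2:
        return errors

    (low, low_wc), (up, up_wc) = parsed
    # Assumption: lengths are compared without the trailing wildcard.
    if up_wc and not low_wc:
        errors.append("upper: wildcard not allowed when lower has none")
    elif low_wc and not up_wc:
        if len(up) < len(low):
            errors.append("upper boundary is shorter than lower boundary")
    elif len(low) != len(up):
        errors.append("boundaries must be the same length")
    return errors


if __name__ == "__main__":
    # Constructed sample pairs, including the ones the page uses.
    for pair in [("123", "456"), ("123", "45"), ("123*", "4567*"),
                 ("AB*", None), (None, "456"), ("A*B", None)]:
        print(pair, check_scope_limits(*pair) or "ok")
```
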

Displaying the extended properties overview

Use this task to obtain an overview of the most important information about an extended property. For this you need to take into account the affiliation of the extended property to the different One Identity Manager objects.

To obtain an overview of an extended property

  1. In the Manager, select the Entitlements > Basic configuration data > Extended properties > <property group> category.

  2. Select the extended property in the result list.

  3. Select the Extended property overview task.

To obtain an overview of a property group

  1. In the Manager, select the Entitlements > Basic configuration data > Extended properties category.

  2. Select a property group in the result list.

  3. Select the Property group overview task.

Assigning objects to extended properties

You can assign extended properties to company resources, hierarchical roles, and employees.

To assign objects to an extended property

  1. In the Manager, select the Entitlements > Basic configuration data > Extended properties > <property group> category.

  2. Select the extended property in the result list.

  3. Select the Assign objects task.

  4. In the Table menu, select the required object type.

    The objects belonging to the object type are displayed on the form.

  5. In the Add assignments pane, assign objects.

    TIP: In the Remove assignments pane, you can remove object assignments.

    To remove an assignment

    • Select the object and double-click .
  6. Save the changes.

Configuration parameters for managing departments, cost centers, and locations

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 68: Configuration parameter

Configuration parameters    Description

QER | Structures

Controls whether hierarchical roles are supported.

QER | Structures | DynamicGroupCheck

Controls generation of calculation tasks for dynamic roles. If the configuration parameter is not set, the subparameters do not apply.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyPerson

If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyHardware

If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | DynamicGroupCheck | CalculateImmediatelyWorkdesk

If the parameter is set, a calculation task for modifications to workdesks or workdesk level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run.

QER | Structures | ExcludeStructures

Preprocessor relevant configuration parameter for defining the effectiveness of role memberships. If this parameter is set, mutually excluding roles can be defined. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | Structures | Inherite | Employee

Determines whether employees inherit through primary assignment.

QER | Structures | Inherite | Employee | GroupExclusion

Specifies whether employees inherit assignments from their primary department (Person.UID_Department).

QER | Structures | Inherite | Employee | FromLocality

Specifies whether employees inherit assignments from their primary location (Person.UID_Locality).

QER | Structures | Inherite | Employee | FromProfitCenter

Specifies whether employees inherit assignments from their primary cost center (Person.UID_ProfitCenter).

QER | Structures | Inherite | Hardware

Determines whether devices inherit through primary assignment.

QER | Structures | Inherite | Hardware | FromDepartment

Specifies whether devices inherit assignments from their primary department (Hardware.UID_Department).

QER | Structures | Inherite | Hardware | FromLocality

Specifies whether devices inherit assignments from their primary location (Hardware.UID_Locality).

QER | Structures | Inherite | Hardware | FromProfitCenter

Specifies whether devices inherit assignments from their primary cost center (Hardware.UID_ProfitCenter).

QER | Structures | Inherite | Workdesk

Determines whether workdesks inherit through primary assignment.

QER | Structures | Inherite | Workdesk | FromDepartment

Specifies whether workdesks inherit assignments from their primary department (Workdesk.UID_Department).

QER | Structures | Inherite | Workdesk | FromLocality

Specifies whether workdesks inherit assignments from their primary location (Workdesk.UID_Locality).

QER | Structures | Inherite | Workdesk | FromProfitCenter

Specifies whether workdesks inherit assignments from their primary cost center (Workdesk.UID_ProfitCenter).
