立即与支持人员聊天
与支持团队交流

Identity Manager 9.1 - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface environments Synchronizing a cloud application in the Universal Cloud Interface
Setting up initial synchronization with a cloud application in the Universal Cloud Interface Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Provisioning object changes Managing cloud user accounts and employees Managing assignments of cloud groups and system entitlements Login information for cloud user accounts Mapping cloud objects in One Identity Manager
Cloud target systems Container structures Cloud user accounts Cloud groups Cloud system entitlements Cloud permissions controls Reports about objects in cloud target systems
Handling cloud objects in the Web Portal Basic data for managing a Universal Cloud Interface environment Configuration parameters for managing cloud target systems Default project template for cloud applications in the Universal Cloud Interface

Mapping cloud objects in One Identity Manager

Use the One Identity Manager to manage cloud application user accounts and entitlements. Each cloud application is mapped as its own base object in One Identity Manager. The user data is saved as user accounts, groups, system entitlements, and permissions controls and can be organized into containers.

Groups and system entitlements represent the objects used in the cloud application to control access to the cloud resources. A user account obtains the necessary permissions to access cloud resources by assigning it to groups and system entitlements.

Detailed information about this topic

Cloud target systems

A cloud target system corresponds to a cloud application in the Universal Cloud Interface.

NOTE: The Synchronization Editor sets up the cloud target systems in the One Identity Manager database.

To edit a cloud system's main data

  1. In the Manager, select the Cloud target systems > Basic configuration data > Cloud target systems category.

  2. Select the target system in the result list.

  3. Select the Change main data task.

  4. Edit the target system type main data.

  5. Save the changes.

TIP: You can also edit cloud target system properties in the Manager in the Cloud Target Systems | <target system> category.

Detailed information about this topic

General main data for cloud target systems

Enter the following main data for a cloud target system.

Table 27: Cloud target system main data

Property

Description

Cloud target system

Name of the target system.

Canonical name

Name of the target system conforming with DNS syntax.

target system name.parent target system name.primary system name

Example: DHW2k01.Testlab.com

Distinguished name

Cloud target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example.

Syntax example: DC = <target system>

Display name

Name that is displayed in the One Identity Manager tools for the target system.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this cloud target system and user accounts should be created which are already managed (Linked configured state). The account definition's default manage level is applied.

User accounts are only linked to the employee (Linked) if no account definition is given. This is the case on initial synchronization, for example.

Deferred deletion [days]

Number of days to defer deletion operations for this target system. For more information, see Setting deferred deletion for cloud target system user accounts.

Target system managers

Application role in which target system managers are specified. The target system managers only modify the cloud target system objects assigned to them. Therefore, each cloud target system can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this cloud target system. Use the button to add a new application role.

Synchronized by

Type of synchronization through which the data is synchronized between the target system and One Identity Manager. You can no longer change the synchronization type once objects for this target system are present in One Identity Manager.

If you create a cloud target system with the Synchronization Editor, One Identity Manager is used.

Table 28: Permitted values
Value Synchronization by Provisioned by
One Identity Manager Universal Cloud Interface connector Universal Cloud Interface connector
No synchronization none none
NOTE: If you select No synchronization, you can define custom processes to exchange data between One Identity Manager and the target system.

Types of system entitlements used

Types of system entitlements to which user accounts can be assigned in this cloud target system.

User account contains memberships

Specifies which types of system entitlements maintain assignments to user accounts.

Enables the types that maintain assignments to user accounts.

Disables the types that maintain assignments to user accounts.

Example:

In the System entitlement types used menu, the values Group and System entitlement 1 are selected. In the User account contains memberships menu, only the value System entitlement 1 is selected.

Assignments of user accounts to groups are saved with the groups, the assignments of user accounts to system entitlements 1 with the user accounts.

Description

Text field for additional explanation.

Manual provisioning

Specifies whether changes to cloud objects in the One Identity Manager database are automatically provisioned in the cloud application. If this option is not set, processes for automatic provisioning of object modifications are configured.

Set this option, if object modifications are not allowed to be published automatically in the cloud application. Use the Web Portal to transfer the changes to the cloud application. For more information about provisioning object modifications, see the One Identity Manager Administration Guide for Connecting to Cloud Applications.

IMPORTANT: If you set this option, ensure that data, using regular and frequent synchronization,

  • between the Universal Cloud Interface Module and the cloud application and

  • between the modules Universal Cloud Interface and Cloud Systems Management

is kept consistent!

User account deletion not permitted Specifies whether user accounts in the cloud target system can be deleted. If this option is set, user account can only be disabled.
Related topics

Defining categories for inheriting cloud groups and system entitlements

NOTE: The functionality described here for groups applies equally to system entitlements.

In One Identity Manager, user accounts can selectively inherit groups. To do this, groups and user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The mapping rule contains different tables. Use the user account table to specify categories for target system dependent user accounts. In the group table, enter your categories for the target system-dependent groups. Each table contains the category positions position 1 to position 63.

To define a category

  1. In the Manager, select the target system in the Cloud target systems category.

  2. Select the Change main data task.

  3. Switch to the Mapping rule category tab.

  4. Extend the relevant roots of a table.

  5. To enable the category, double-click .

  6. Enter a category name of your choice for user accounts and groups in the login language that you use.

  7. Save the changes.
Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级