Enter the location's network configuration data.
Property | Description |
---|---|
IP offset |
IP offset of the location. |
Subnet mask |
Subnet mask of the location. |
Enter the location's network configuration data.
Property | Description |
---|---|
IP offset |
IP offset of the location. |
Subnet mask |
Subnet mask of the location. |
Enter another address and a description of the way to reach the location. Use the button next to the input field to enable it and enter data. Use the button to remove data from the list.
Property | Description |
---|---|
Visitors address |
Location address for visitors. |
Travel directions |
Travel directions to the location. |
Here, you can enter values to classify a location for analyzing the risk of a location in the context of identity audit.
Property | Description |
---|---|
Functional area |
Location's function area. This data is required for location's risk assessment. |
Risk index (calculated) |
A risk index is calculated for the location risk assessment based on assigned company resources. This field is only visible if the QER | CalculateRiskIndex configuration parameter is set. |
Transparency index |
Specifies how well you can trace location assignments. Use the slider to enter a value between 0 and 1. 0: no transparency 1: full transparency |
Max. number of rule violations |
Number of rule violations allowed in this location. The value can be evaluated when compliance rules are checked. NOTE: This property is only available if the Compliance Rules Module is installed. |
Turnover for this unit |
Turnover for this location. |
Earnings for this unit |
Earnings for this location. |
To create user accounts for an identity with the Full managed manage level, you need to know which IT operating data is required. The operating data required for each specific target system is defined with its departments, locations, or cost centers. An identity is assigned a primary location, primary department, or primary cost center. The necessary IT operating data is ascertained from these assignments and used in creating the user accounts. Default values are used if valid IT operating data cannot be found over the primary roles.
You can also specify IT operating data directly for a specific account definition.
Normally, each identity in department A obtains a default user account in the domain A. In addition, certain identities in department A obtain administrative user accounts in the domain A.
For more information, see the One Identity Manager Target System Base Module Administration Guide.
To define IT operating data
In the Manager, select the Organizations > <role class> category.
Select the role in the result list.
Select the Edit IT operating data task.
Click Add and enter the following data.
Effects on: Specify an IT operating data application scope. The IT operating data can be used for a target system or a defined account definition.
To specify an application scope
Click next to the field.
Under Table, select the table that maps the target system for select the TSBAccountDef table or an account definition.
Select the specific target system or account definition under Effects on.
Click OK.
Column: Select the user account property for which the value is set.
In the menu, you can select the columns that use the TSB_ITDataFromOrg script in their template.
Value: Enter a fixed value to assign to the user account's property.
The IT operating data necessary in the One Identity Manager default configuration for automatically creating or changing identity user accounts and mailboxes in the target system is itemized in the following table.
NOTE: IT operating data is dependent on the target system and is contained in One Identity Manager modules. The data is not available until the modules are installed.
Target system type | IT operating data |
---|---|
Active Directory |
Container Home server Profile server Terminal home server Terminal profile server Groups can be inherited Identity type Privileged user account |
Microsoft Exchange |
Mailbox database |
LDAP |
Container Groups can be inherited Identity type Privileged user account |
Domino |
Server Certificate Template for mail file Identity type |
SharePoint |
Authentication mode Groups can be inherited Roles can be inherited Identity type Privileged user account |
SharePoint Online |
Groups can be inherited Roles can be inherited Privileged user account. Authentication mode |
Custom target systems |
Container (per target system) Groups can be inherited Identity type Privileged user account |
Azure Active Directory |
Groups can be inherited Administrator roles can be inherited Subscriptions can be inherited Disabled service plans can be inherited Identity type Privileged user account Change password at next login |
Cloud target system |
Container (per target system) Groups can be inherited Identity type Privileged user account |
Unix-based target system |
Login shell Groups can be inherited Identity type Privileged user account |
Oracle E-Business Suite |
Identity type Groups can be inherited Privileged user account. |
SAP R/3 |
Identity type Groups can be inherited Roles can be inherited Profiles can be inherited Structural profiles can be inherited Privileged user account. |
Exchange Online |
Groups can be inherited |
Privileged Account Management |
Authentication provider Groups can be inherited Identity type Privileged user account |
Google Workspace |
Organization Groups can be inherited Products and SKUs can be inherited Admin roles assignments can be inherited Identity type Privileged user account. Change password at next login |
OneLogin |
Roles can be inherited Identity type Privileged user account. Licensing state OneLogin group |
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center