立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning identities, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded identities Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Identity administration
One Identity Manager users for managing identities Basics for managing identities Creating and editing identities Assigning company resources to identities Displaying the origin of identities' roles and entitlements Analyzing role memberships and identity assignments Deactivating and deleting identities Deleting all personal data Limited access to One Identity Manager Changing the certification status of identities Displaying the identities overview Displaying and deleting identities' Webauthn security keys Determining the language for identities Determining identities working hours Manually assigning user accounts to identities Entering tickets for identities Assigning extended properties to identities Reports about identities Basic configuration data for identities
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing identities Configuration parameters for managing devices and workdesks

Location information for workdesks

Enter the following information about a workdesk's location.

Table 51: Workdesk location information
Property Description

Primary department

Department to which the workdesk is primary assigned. A workdesk can obtain company resources through these primary assignments if configured accordingly.

Primary location

Location to which the workdesk is primary assigned. A workdesk can obtain company resources through these primary assignments if configured accordingly.

Fax

Fax number.

Remarks (fax)

Text field for additional explanation.

Building

Building

Room

Room.

Phone

Telephone number.

Floor

Floor.

Remarks (room)

Text field for additional explanation.

Related topics

Additional information for workdesks

Enter additional device prerequisites are diskettes or CD drives necessary, for example.

Table 52: Miscellaneous workdesk data
Property Description

Setup date

Date of going into operation.

Withdrawal date

Date on which the workdesk is written off.

Leasing fee

Leasing fee.

Floppy disk drive required

Specifies whether this workdesk requires a floppy disk drive.

CD-ROM drive required

Specifies whether this workdesk requires a CD-ROM drive.

Comment

Text field for additional explanation.

Assigning company resources to workdesks

One Identity Manager uses different assignment types to assign company resources.

  • Indirect assignment

    In the case of indirect assignment of company resources, identities, devices, and workdesks are arranged in departments, cost centers, locations, business roles, or application roles. The total of assigned company resources for an identity, device, or workdesk is calculated from the position within the hierarchies, the direction of inheritance (top-down or bottom-up) and the company resources assigned to these roles. In the Indirect assignment methods a difference between primary and secondary assignment is taken into account.

  • Direct assignment

    Direct assignment of company resources results from the assignment of a company resource to an identity, device, or workdesk, for example. Direct assignment of company resources makes it easier to react to special requirements.

  • Assignment by dynamic roles

    Assignment through dynamic roles is a special case of indirect assignment. Dynamic roles are used to specify role memberships dynamically. Identities, devices, and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which identities, devices, or workdesks fulfill these conditions. This means the role memberships change dynamically. For example, company resources can be assigned dynamically to all identities in a department in this way; if an identity leaves the department they immediately lose the resources assigned to them.

  • Assignment by request

    Assignment through the IT Shop is a special case of indirect assignment. Add identities to a shop as customers so that company resources can be assigned through IT Shop requests. All company resources assigned as product to this shop can be requested by the customers. Requested company resources are assigned to the identities after approval is granted. Role memberships can be requested through the IT Shop as well as company resources.

    For more information about requests for workdesks, see the One Identity Manager IT Shop Administration Guide and the One Identity Manager Web Portal User Guide.

The following table shows the possible company resources assignments to workdesks.

NOTE: Company resources are defined in One Identity Manager modules and are not available until the modules are installed.
Table 53: Possible assignments of company resources to workdesks
Company Resource Direct assignment permitted Indirect assignment permitted Remarks

System roles

+ +  

Software

+ +  

Active Directory groups

- +

All Active Directory computers that reference the workdesk device are added to Active Directory groups.

LDAP groups

- +

All LDAP computers that reference the workdesk device are added to LDAP groups.

Detailed information about this topic
Related topics

Assigning workdesks to departments, cost centers, and locations

Assign workdesks to departments, cost centers, and locations so that they obtain company resources through these organizations. To assign company resources to departments, cost centers, or locations, use the appropriate organization tasks.

To assign a workdesk to departments, cost centers, and locations (secondary assignment; default method)

  1. In the Manager, select the Devices & Workdesks > Workdesks > Names category.

  2. Select the workdesk in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign a workdesk to departments, cost centers, and locations (primary assignment)

  1. In the Manager, select the Devices & Workdesks > Workdesks > Names category.

  2. Select the workdesk in the result list.

  3. Select the Change main data task.

  4. Adjust the following main data:

    • Primary department: Department to which the workdesk is assigned.

    • Primary cost center: Cost center to which the workdesk is assigned.

    • Primary location: Location to which the workdesk is assigned.

  5. Save the changes.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级