立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Administration Guide for Connecting to Custom Target Systems

Managing custom target systems Setting up scripted data provisioning in a custom target system Managing user accounts and identities Managing assignments of groups and system entitlements Login credentials for user accounts Mapping custom target system objects in One Identity Manager Treatment of custom target system objects in the Web Portal Basic configuration data for custom target systems Configuration parameters for managing custom target systems

Displaying the group overview

Use this task to obtain an overview of the most important information about a group.

To obtain an overview of a group

  1. In the Manager, select the Custom Target Systems > <target system> > Groups category.

  2. Select the group in the result list.

  3. Select the Group overview task.

System entitlements in custom target systems

Groups and system entitlements represent the objects used in the target system to control access to target system resources. A user account obtains the required permissions for accessing target system resources through its memberships in groups and system entitlements.

To create a system entitlement

  1. In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.

  2. Click in the result list.

  3. On the main data form, edit the system entitlement's main data.

  4. Save the changes.

To edit the main data of a system entitlement:

  1. In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.

  2. Select the system entitlement in the result list.

  3. Select the Change main data task.

  4. On the main data form, edit the system entitlement's main data.

  5. Save the changes.
Related topics

System entitlement main data

Enter the following main data for a system entitlement.

Table 27: General main data of a system entitlement

Property

Description

Name

Name of the system entitlement.

Canonical name

The canonical name is generated automatically and should not be changed.

System entitlement type

Details of the system entitlement type.

Distinguished name

The distinguished name is determined using a template and must not be changed.

Object GUID

Unique ID used for managing the object in the target system.

Display name

The display name is used to display the system entitlement in the One Identity Manager tools' user interface.

Target system

Name of the target system.

Container

Container in which the system entitlement is added.

Service item

Service item for requesting the system entitlement through the IT Shop.

Risk index

Value for evaluating the risk of assigning the system entitlement to user accounts. Set a value in the range 0 to 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is set.

For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Category

Category for inheriting system entitlements. User accounts can inherit system entitlements selectively. To do this, system entitlements and user accounts are divided into categories. Select one or more categories from the menu.

Description

Text field for additional explanation.

IT Shop

Specifies whether the system entitlement can be requested through the IT Shop. If this option is set, the system entitlement can be requested through the Web Portal and allocated by defined approval processes. The system entitlement can still be assigned directly to user accounts and hierarchical roles.

Only for use in IT Shop

Specifies whether the system entitlement can only be requested through the IT Shop. If this option is set, the system entitlement can be requested through the Web Portal and allocated by defined approval processes. Direct assignment of the system entitlement to hierarchical roles or user accounts is not permitted.

Read-only memberships

Specifies whether memberships are read-only. For example, dynamic groups. The memberships are regulated by the target system. Manual changes to memberships in One Identity Manager are not permitted.

Related topics

Assigning system entitlements to system entitlements

System entitlements can be members of other system entitlements. This means that the system entitlements can be hierarchically structured. You can only assign system entitlements of the same type and the same target system.

To assign system entitlements as members to a system entitlement

  1. In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.

  2. Select the system entitlement in the result list.

  3. Select the System entitlements 1 overview task, System entitlements 2 overview task, or System entitlements 3 overview task to match the selected system entitlement.

  4. Select the Has members tab.

  5. In the Add assignments pane, assign the child system entitlements.

    TIP: In the Remove assignments pane, you can remove system entitlement assignments.

    To remove an assignment

    • Select the system entitlement and double-click .

  6. Save the changes.

To add a system entitlement as a member to another system entitlement

  1. In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.

    - OR -

    In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.

  2. Select the system entitlement in the result list.

  3. Select the System entitlements 1 overview task, System entitlements 2 overview task, or System entitlements 3 overview task to match the selected system entitlement.

  4. Select the Is member of tab.

  5. In the Add assignments pane, assign the parent system entitlements.

    TIP: In the Remove assignments pane, you can remove system entitlement assignments.

    To remove an assignment

    • Select the system entitlement and double-click .

  6. Save the changes.
Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级