...
Table of Contents | ||||
---|---|---|---|---|
|
Einleitung
Identitätstypen definieren einen bestimmten Accounttypen in einem Zielsystem. Hat eine Core Identität mehere Accounts in einem System, beispielsweise einen Standard AD Account und einen Admin AD Account, können diese mit einem Identitätstypen abgebildet werden. Ein Identitätstyp hat immer eine Provisionierungskonfiguration auf welcher die Attribute und Workflows definiert sind. Das ermöglicht es die Konfigurationen für mehrere Identitätstypen zu teilen. Das Berechtigungsmodel hingegen ist spezifisch für den Identitätstypen.
How-to Artikel
Filter by label (Content by label) | ||||||
---|---|---|---|---|---|---|
|
Verwandte Artikel
...
Introduction
An identity type defines a specific account type in a target system. Such an identity type always belongs to exactly one Core Identity type, so that the system knows which attributes are present, and has exactly oneIdentity Provision Configuration. You specify the identity type to group your accounts into logical units such as SSO Identity, Standard AD Account or Test AD Account. A Core Identity can have multiple https://itsense.atlassian.net/l/c/0vy2yH0G but only one of each identity type.
Whenever you assign a resource to a Core Identity , you must specify the identity type to clearly indicating where this resource should be applied to.
...
Properties
Whenever you are creating or updating an identity type, you have to specify the following properties:
Property | Data Type | Mandatory | Example | Description |
---|---|---|---|---|
| String |
| Standard AD Account | A readable name used in the UI. |
| Drop Down |
| Active Directory | Any target system configured in the system. |
| Drop Down |
| Active Directory User | Any identity provisioning configuration configured in the system. |
Identity Type Features
Each identity type supports a set of features that you can enable or disable. Below are the default features. Some identity types such as M365 identity types over additional features.
Identity
Info |
---|
Some of the features below are also present on the target system or on resource types. You might need to enable the appropriate feature in all places to take effect. |
Create identity
If enabled, the CoreOne Suite will create identities of this identity type in the CoreOne Meta Directory.
Provision identity
If enabled, the CoreOne Suite will provision identities of this identity type into the target system.
Update identity
The CoreOne Suite will update existing identities of this identity type in the CoreOne Meta Directory when there are updatable attributes configured.
Provision identity changes
If enabled, the CoreOne Suite will provision the calculated changes of the identity to the target system.
Update identity when the core identity is disabled
Whenever a Core Identity will be deactivated, this will also halt all update calculations. In some cases, this is not the desired behavior. For example if you have allocated an asset from the Asset Management that you assigned manually and you want those changes propagated to Active Directory even though the Core Identity is deactivated.
Set inactive if no active assignment are present
If enabled, identities that get created are in the state deactivated which will also be reflected in the corresponding target system.
This only works with identities who are provisioned in advance. For this the provisioning advance time has to be set in the provisioning configuration.
Normally identities are created in the state active.
Password reset active
If enabled, a user can reset the password of an identity of this identity type within the CoreOne Suite.
Early resource allocation
If enabled, resources that are assigned to a Core Identity will be assigned and provisioned to the identity before the start of the first employment. Be aware that you need to combine this feature with an appropriate Early resource allocation in hours
configuration on the Resource Type.
For more details check out the https://itsense.atlassian.net/l/c/nke3Soke
Functions
Authentication provider active
If enabled, users can authenticate with the credentials of this identity type on the CoreOne Authentication Service.