/
Core Identity

Core Identity

Owned by Marc Burkhard

Introduction

The Core Identity is the most central entity in the CoreOne Suite. Each Core Identity represents a person within the CoreOne Meta Directory. It’s an entity that has a specific type, called Core Identity Type. That type defines what attributes are available to the entity, what workflows are being executed an what identity types are available. Each such Core Identity does represent a person and each person should only have one Core Identity. All the identities that on person can have, are then logically connected to this Core Identity. Furthermore the Core Identity has a wide set of attributes and other relations such as 0…N employments, asset and attribute set assignment.

Core Identity

Parameter

The following parameters can be managed when creating or mutating a Core Identity.

Parameter

Data type

Mandatory field

Example value

Description

Parameter

Data type

Mandatory field

Example value

Description

Core Identity type

Core Identity type

individual person

The core identity type defines which attributes must be captured.

Manager

Core Identity

 

John Doe

Who is responsible for the object. This can be understood in the sense of a superior (in the case of an employee) or a responsible (in the case of a service).

Attributes according to selected core identity types

-

 

 

 

Employment

Employment

 

 

If defined on the core identity types

Actions

The following actions can be performed on a Core Identity from the Admin UI.

Action

Description

Action

Description

Generate password document

Generates a welcome letter based on the stored template, including the initial password.
Note: The document will only display the initial password. If the password is changed or reset by any method (e.g., password change, reset, or forgotten password), it will no longer appear in the document.

Set initial passwords

Sets the initial password on all associated identities

Edit Core Identity

Allows you to edit the attributes of the selected Core Identity.

Suspend Core Identity

Disables the Core Identity and all associated identities, preventing access until reactivated.

Note: For a full understanding of the Suspend State: Core Identity State | Suspended

Delete Core Identity

Deletes the Core Identity along with all associated identities.

Note: For a full understanding of the Deleted State: Core Identity State | Deactivated / Deleted

The following actions can be performed on a Core Identity from the Admin UI 2.0.

Action

Description

Action

Description

Welcome Letter

Generates a welcome letter based on the stored template, including the initial password.
Note: The document will only display the initial password. If the password is changed or reset by any method (e.g., password change, reset, or forgotten password), it will no longer appear in the document.

Change passwords

  • Allows setting a new password.

  • You can also choose whether the user must change this password at their next login.

Reset Password

  • Generates and sets a random password that meets the required password policy.

  • You can also choose whether the user must change this password at their next login. Note: This will only work on target systems that support this. I.e. SSO Accounts, AD Account, Entra ID Accounts, etc.

Edit

Allows you to edit the attributes of the selected Core Identity.

Suspend

Disables the Core Identity and all associated identities, preventing access until reactivated.

Note: For a full understanding of the suspend State: Core Identity State | Suspended

Delete

Deletes the Core Identity along with all associated identities.

Note: For a full understanding of the Deleted State: Core Identity State | Deactivated / Deleted

Employments

Each Core Identity can have 0..N employments. Each employment is a combination of a valid from, valid to, organizational assignment, function and employment type. This data can then be used to assign roles and resources, define mapping and other things.

Main Employment

Since a Core Identity can have more than 1 employment, the CoreOne Suite determines the main employment of the Core Identity.
For this it takes all currently valid employments, in particular the employments with a valid from value in the past and a valid to value in the future or no value. Than it sorts the employments by the main_employment flag, which for example can be imported, followed by the percentage in descending order.
So the main employment is either the currently valid employment with the flag main_employment, or the currently valid employment with the highest percentage.

Identity

A Core Identity can have 0...N identities where an identity always belongs to only one Core Identity. This relationship ensures that an identity is always uniquely assignable.

Roles

0...N roles can be assigned to a Core Identity. The assignments are either manual or automatic and can be time-limited.

Resources

0...N roles can be assigned to a Core Identity. The assignments are either manual or automatic and can be time-limited.

Attribute Set Assignments

A Core Identity can be assigned 0...N attribute sets. The assignments are either manual or automatic and can be time-limited.

Related content

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.