User profiles allow administrators to manage user information; manage privilege, application, and service access; and grant users self-management for their own accounts and services. Creating user profiles is a common task for a system administrator.
When creating and configuring a user, consider the following user account elements:
Self-Service Tasks: User profiles are configured by default to grant the user access to certain self-service tasks, such as changing their password and profile information. A system administrator with appropriate tasks can modify which self-service tasks are granted to a user by default.
Groups: Groups simplify role management. For example, a system administrator with appropriate tasks can configure multiple roles for the system to assign automatically to a user who is added as a member of a group.
Admin Roles: Admin roles define the tasks that a user can perform in the User Console. For example, a task can allow a user to modify user account information, such as the address or job title. Another task can allow a user to administer tasks, such as granting a user membership in a group. When you assign an admin role to a user, the user can perform the tasks associated with the role.
Endpoint Accounts and Provisioning Roles: Accounts that exist on other systems are named Endpoints Accounts. You can assign accounts in endpoints to CA IdentityMinder users through provisioning roles. For example, a user needs an Exchange account for email, an Oracle account for database access, and an Active Directory account to use a Windows system. When you assign a provisioning role to a user, the user receives the endpoint accounts the provisioning role specifies.
Access Roles: Access roles provide an additional way to provide entitlements in CA IdentityMinder or another application. For example, you can use access roles to accomplish the following:
Services: Services allow you to combine you choice of user tasks, roles, groups, and attributes into a single package. You can manage this package of privileges as a set. For example, all new Sales employees need access to a defined set of tasks, accounts on specific endpoint systems, and information added to their user account profiles. When you assign a service to a user, the user receives the entire set of roles, tasks, groups and account attributes the service specifies.
Password Policies: Password policies manage user passwords by enforcing rules and restrictions governing password expiration, composition, and usage. If a system administrator has created password policies for your environment, those policies are applied automatically to new users matching one or more password policies rules. A system administrator with appropriate tasks can modify password policies.
The following diagram shows the information to understand, and the steps to perform, in creating and configuring a user.
The following topics explain creating users in depth, and how to configure them.
|Copyright © 2012 CA. All rights reserved.||