Chat now with support
Chat mit Support

Identity Manager On Demand Hosted - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Deleting unused application roles for product owners

The list of product owner application roles can quickly become confusing when groups are automatically added to the IT Shop. This is because an application role is added for each account manager. These application roles are no longer required when a groups are deleted.

Redundant application roles for product owners can be deleted through a scheduled process task. This deletes all the application role from the database for which the following applies:

  • The parent application role is Request & Fulfillment | IT Shop | Product owner.

  • The application role is not assigned to a service item.

  • The application role is not assigned to a service category.

  • The application role does not have members.

To display no longer required application roles with members

  • In the Manager, select the IT Shop > Troubleshooting > Orphaned product owners category.

To delete application roles automatically

  • In the Designer, configure and enable the Cleans up application role "Request & Fulfillment | IT Shop | Product owners” schedule.

NOTE: If you have set up your own application roles under the Request & Fulfillment | IT Shop | Product Owner application role that you use for custom use cases (tables), then check whether these can be deleted automatically. Otherwise, disable the Clean up application role "Request & Fulfillment\IT Shop\Product owners" schedule.

Related topics

Approval processes for IT Shop requests

All IT Shop requests are subject to a defined approval process. During this approval process, authorized employees grant or deny approval for the product assignments. You can configure this approval process in various ways and therefore customize it to meet your company policies.

You define approval policies and approval workflows for approval processes. Specify which approval workflows are going to be used for the request in the approval policies. Use approval workflows to specify which employee is authorized to grant or deny approval for the request at the time it was placed. An approval workflow can contain a number of approval levels, and this can, in turn, contain several approval steps, for example, when several management hierarchy layers need to give approval for a request. A special approval procedure is used to determine the approvers in each approval procedure.

In the default installation, different default approval policies are assigned to the Identity & Access Lifecycle shop. Therefore, requests from this shop are run through predefined approval processes. Assign an approval policy to the shop, the shelf or the service item of the Identity & Access Lifecycle shelf if requests from this shop should go through customized approval process.

Detailed information about this topic

Approval policies for requests

One Identity Manager uses approval policies to determine the approver for each request process.

To edit an approval policy

  1. In the Manager, select the IT Shop > Basic configuration data > Approval policies category.

  2. Select an approval policy in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the approval policy main data.

  4. Save the changes.

General main data of approval policies

Enter the following main data of an approval policy. If you add a new approval step, you must fill out the compulsory fields.

Table 25: General main data of approval policies

Main data

Meaning

Approval policies

Approval policy name.

Role type

Role type to determine inheritance of approval policies within an IT Shop solution. Add the required role types in IT Shop > Basic configuration data > Roles types category.

Priority

An integral number with a maximum of one digit.

A priority is used to decided which approval policy should be used if several approval policies are found to be valid following the given rules. The highest priority has the largest number.

Approval workflow

Workflow for determining approvers when a product is requested.

Select any approval workflow from the menu or click to set up a new workflow.

Renewal workflow

Approval workflow for determining approvers when a product is renewed.

Select any approval workflow from the menu or click to set up a new workflow.

If no renewal workflow is specified, the approval workflow of the request is used when the request is renewed (UID_SubMethodOrderProduct).

Cancellation workflow

Approval workflow for determining approvers when a requested product is canceled.

Select any approval workflow from the menu or click to set up a new workflow.

If there is no cancellation workflow given, cancellation is approved immediately.

Mail templates

Mail template used for creating email notifications for granting or denying approval for a request and extended, expired, or canceled requests.

Description

Text field for additional explanation.

Detailed information about this topic
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen