Chatee ahora con Soporte
Chat con el soporte

Identity Manager 8.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Web Portal for Application Governance Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests and delegating Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding Active Directory and SharePoint groups to the IT Shop automatically Adding Privileged Account Management user groups to the IT Shop automatically
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Standard reason for requests

For requests or the approval of requests, you can specify reasons in the Web Portal that explain the request sequence and the individual approval decisions. You can freely formulate this text. You also have the option to predefine reasons. The approvers can select a suitable text from these standard reasons in the Web Portal and store it with the request.

Standard reasons are displayed in the approval history and the request details.

To create or edit standard reasons

  1. In the Manager, select the IT Shop > Basic configuration data > Standard reasons category.

  2. Select a standard reason in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the main data of a standard reason.

  4. Save the changes.

Enter the following properties for the standard reason.

Table 67: General main data of a standard reason

Property

Description

Standard reason

Reason text as displayed in the Web Portal and in the approval history.

Description

Text field for additional explanation.

Automatic Approval

Specifies whether the reason text is only used for automatic approvals by One Identity Manager. This standard reason cannot be selected by manual approvals in the Web Portal.

Do not set the option if the you want to select the standard reason in the Web Portal.

Additional text required

Specifies whether an additional reason should be entered in free text for the approval.

Usage type

Usage type of standard reason. Assign one or more usage types to allow filtering of the standard reasons in the Web Portal.

Related topics

Predefined standard reasons for requests

One Identity Manager provides predefined standard reasons. These are added to the request by One Identity Manager during automatic approval. You can use the usage type to specify which standard reasons can be selected in the Web Portal.

To change the usage type

  1. In the Manager, select the IT Shop > Basic configuration data > Standard reasons > Predefined category.

  2. Select the standard reason whose usage type you want to change.

  3. Select the Change main data task.

  4. In the Usage type menu, set all the actions where you want to display the standard reason in the Web Portal.

    Unset all the actions where you do not want to display the default reason.

  5. Save the changes.
Related topics

Role classes for the IT Shop

Role classes form the basis for mapping IT Shop structures in One Identity Manager. The following role classes are available by default in One Identity Manager:

  • IT Shop structure

  • IT Shop template (if the QER | ITShop | Templates configuration parameter is set)

Use role classes to specify which company resources can be requested through the IT Shop. At the same time, you decide which company resources may be assigned as products to shelves and IT Shop templates.

The following options define which company resources may be assigned to IT Shop structures and IT Shop templates:

  • Assignments allowed

    This option specifies whether the assignment of the relevant company resources is permitted in general.

  • Direct assignments allowed

    This option specifies whether the relevant company resources can be directly assigned.

NOTE: Company resources are always assigned directly to shelves and IT Shop templates. Therefore, always enable and disable both options.

To configure assignment to IT Shop structures and IT Shop templates

  1. In the Manager, select the IT Shop > Basic configuration data > Role classes category.

  2. In the result list, select the role class.

  3. Select the Configure role assignments task.

  4. In the Role assignments column, select a company resource.

    Enable the Assignments permitted option, to specify whether an assignment is generally allowed.

    Enable the Direct assignment permitted options, to specify whether a direct assignment is allowed.

    Disable the options if the assignment is not allowed.

    INFORMATION: You can only disable the options if there are no assignments of the respective objects to IT Shop structures or IT Shop templates.
  5. Save the changes.

Role types for the IT Shop

Create role types in order to classify roles. You can use role types to limit the approval policies in effect for shelves. To do this, assign role types to shelves and approval policies.

You can also assign role types to shops if you want to apply further criteria to distinguish between shops. Role types for shops do not, however, influence how the approval policies in effect are determined.

To edit a role type

  1. In the Manager, select the IT Shop | Basic configuration data | Role types.

  2. In the result list, select the role type and run the Change main data task.

    - OR -

    Click in the result list.

  3. Enter a name and detailed description for the role type.

  4. Save the changes.
Related topics
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación