Requesting for other identities or subidentities
You can make requests for other identities (such as department managers). You can only request products from the shops where the identity is a customer and for which you are responsible.
If you are logged in to the Web Portal with your main identity, you can trigger a request for yourself and for your subidentities at the same time. If you are logged in with your subidentity, you can only make requests for the current subidentity.
To request products for other identities
-
In the menu bar, click Request > My Requests.
-
On the My requests page, click Start a new request.
-
On the Request page, click Change next to the Recipient field.
-
In the Recipients dialog, click the identities in the list for which you would like to request products.
NOTE: You can extend the identities list to show more information. To do this, click View settings > Additional columns and select the information you require from the dialog.
The selected identities are listed under Selected.
TIP: To remove an identity from the recipient list, click the respective identity under Selected.
-
Click Close.
-
Add the products to the shopping cart (see Adding products to the shopping cart) that you want to request for the selected identities.
TIP: If you want to find out which products are already assigned to the selected recipients, on the Request page, click Actions > Check requests for this recipient.
-
(Optional) Edit the shopping cart (see Managing products in the shopping cart).
-
Submit the request (see Submitting requests).
Related topics
Requesting privileged access
You can use the Privileged access requests service category to request privileged access to high-security systems (Privileged Account Management system).
TIP: For more information on the topic of Privileged Account Management, see the One Identity Manager Administration Guide for Privileged Account Governance.
To request privileged access
-
In the menu bar, click Request > My Requests.
-
On the My requests page, click Start a new request.
-
On the Request page, click Privileged access requests.
-
On the Request page, select how you want to access the system by selecting the check box in front of the relevant option and clicking Add to shopping cart.
-
Password release request: Request a temporary password.
-
Remote desktop session request: Request temporary access through a remote desktop connection.
-
SSH key request: Request temporarily valid SSH key.
-
SSH session request: Request temporary access through an SSH session.
-
Telnet session requests: Request temporary access using a Telnet session.
-
In the new dialog, next to PAM user account, click Assign/Change.
-
In the PAM user account dialog, select the PAM user account that you want to use for PAM access.
-
Next to System to access/Asset, click Assign.
-
Depending on the type of access you have selected, perform one of the following actions:
-
Password release request: In the System to access window, in the table menu, select which access you want to request, either a PAM directory or a PAM Asset and then click the PAM directory or PAM asset in the list.
-
Telnet session request, remote desktop session request, SSH key request, or SSH session request: In the Asset dialog, click your PAM asset.
-
In the dialog, next to Account to access, click Assign.
-
In the Account to access dialog, select in the Table menu, select which access you want to request, either PAM directory account or a PAM Asset account.
-
In the list, click on the relevant PAM asset account or PAM directory account.
-
(Optional) In the Comment field, enter a comment, for example, to justify why you are requesting this access.
-
In the Valid from field, specify the time from which you want the access to be valid or clear the check box so that access is valid from the time of this request.
TIP: Use the icons next to the date field to select the date and time from the calendar or a list.
-
In Checkout duration, enter the number of minutes for which the access is valid.
NOTE: This duration refers to your entry in the Valid from field. For example, if you have specified that the access is valid from 12 noon tomorrow and should be valid for 60 minutes, then the validity period will expire at 1 pm tomorrow.
-
Click Save.
-
(Optional) Repeat the steps for all other users and access types.
-
On the My Shopping Cart page, click Submit.
As soon as the request has been approved, a button is displayed in the request history details pane (see Displaying request history) (Request > My Requests > Request History) that you can use to log in to the Privileged Account Management system to get the login information.
Related topics
Requesting Starling 2FA tokens
The Starling Two-Factor Authentication is a multi-factor authentication and can be used when requesting products or approving attestations in the Web Portal. This reduces the risk of unauthorized persons requesting critical products or approving attestations in your name.
To use multi-factor authentication, you must have a Starling 2FA token. You can request this product in the Web Portal. The following data is required to request a Starling 2FA token:
- Your mobile phone number
- Your country of residence
- Your default email address
You can enter this information under My profile > Personal data. For more information, see Changing my contact data.
To request a Starling 2FA token
NOTE: Each identity can request only one new Starling 2FA token. If your mobile phone number changes, you must unsubscribe your Starling 2FA token (see Unsubscribing products) and request it again.
-
In the menu bar, click Request > My Requests.
-
On the My requests page, click Start a new request.
-
Click Access Lifecycle on the Request page.
-
Click Add to the cart next to the product New Starling 2FA token.
-
In the New Starling 2FA token dialog, check the mobile phone number and country code. If you have not saved a mobile phone number or the country in your profile, enter your mobile number in the Mobile phone field. Next to Country, click Assign and select a country.
-
Click OK.
-
On the My Shopping Cart page, click Submit.
The request is forwarded to your manager for approval. Once your manager has granted approval, you will receive a text message on your mobile phone with a link to a multi-factor authentication app.
-
Install the app on your smartphone:
-
Open the text message and click the link.
-
Download the multi-factor authentication app to your smartphone.
-
Open the app and enter your country code and the mobile phone number.
-
Confirm the given data and enter your email address.
-
Reconfirm and select whether to use telephone or text message contact.
After successful installation, you will receive a registration code.
You can now use the app for generating a security code.
Related topics
Requesting products that require multi-factor authentication
Multi-factor authentication can be used for specific security-critical requests. Depending on the configuration, either the requester, the order recipient, or the approver must authenticate themselves using an additional security code. Define which products require this authentication in your service items.
To use multi-factor authentication, you must have a Starling 2FA token. For more information, see Requesting Starling 2FA tokens.
To request a product that requires multi-factor authentication
-
In the menu bar, click Request > My Requests.
-
On the My requests page, click Start a new request.
-
On the Request page, click a service category containing products that require multi-factor authentication.
-
Place the products you want in the shopping cart (see Adding products to the shopping cart) and, if necessary, make further settings in the shopping cart (see Managing products in the shopping cart).
-
On the My Shopping Cart page, click Submit.
-
On the Terms of use page, enable the I have read and understood the terms of use option and click Accept.
A few minutes may pass before you are prompted to enter a security code.
-
Perform one of the following actions:
-
Click Authenticate with Starling 2FA app.
-
Click Send SMS or Phone call, enter the security code, and click Next.
Related topics
