立即与支持人员聊天
与支持团队交流

Identity Manager 8.1.4 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests and delegating Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding Active Directory and SharePoint groups to the IT Shop automatically Adding Privileged Account Management user groups to the IT Shop automatically
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Cancel request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates
Resolving errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Multi-request resources

The IT Shop distinguishes between single or multiple requestable products. Single request products are, for example, software, system roles, or Active Directory groups. These products cannot be requested if they have already been be requested for the same time period.

Furthermore, an employee may need several of one type of company resources, for example, consumables. You can find company resources such as these mapped in One Identity Manager as Multi-request resource or Multi requestable/unsubscribable resources.

Table 3: Resource types

Type

Description

Table

Resources

Resources that an employee (workstation, device) may own just once.

The resources can be requested in the IT Shop just once. The resources are assigned to the employees after approval has been granted. They remain assigned until the request is canceled. You can request them again a later point.

Example: phone, company car.

QERResource

Multi-request resources

Resources that can be requested more than once in the IT Shop. Requests are automatically canceled once approved. The resources are not explicitly assigned to employees.

Example: resource for requesting remote desktop sessions for assets in a PAM system; consumables, such as pens, printing paper.

QERReuse

Multi-requestable/unsubscribable resources

Resources that an employee can request more than once in the IT Shop but must return them explicitly once they are no longer needed. The resources are assigned to the employees after approval has been granted. They remain assigned until the request is canceled.

Example: printer, monitor.

QERReuseUS

To set up multi-request resources and add them as products in the IT Shop

  1. In the Manager, select the Entitlements | Multi-request resources for IT Shop category.

  1. Click in the result list.

  2. Edit the resource's master data.

  3. Save the changes.
  4. Select the Add to IT Shop task.

    In the Add assignments pane, assign a shelf.

    TIP: In the Remove assignments pane, you can remove shelf assignments.

    To remove an assignment

    • Select the shelf and double-click .

  5. Save the changes.

To set up multi-requestable/unsubscribable resources and to add them as products to the IT Shop

  1. Select the Entitlements | Multi requestable/unsubscribable resources for IT Shop category.

  1. Click in the result list.

  2. Edit the resource's master data.

  3. Save the changes.
  4. Select the Add to IT Shop task.

    In the Add assignments pane, assign a shelf.

    TIP: In the Remove assignments pane, you can remove shelf assignments.

    To remove an assignment

    • Select the shelf and double-click .

  5. Save the changes.

For more information about multi requestable products, see the One Identity Manager Identity Management Base Module Administration Guide.

Preparing products for requesting

Company resources have to fulfill at least the following prerequisites before you can request them in the Web Portal:

  • The company resource must be labeled with the IT Shop option.

  • A service item must be assigned to the company resource.

  • The company resource must be assigned to a shelf as a product.

  • If the company resource is only assigned to employees using IT Shop requests, the company resource must also be labeled with the Only use in IT Shop option. This means that the company resource cannot be directly assigned to roles outside the IT Shop.

The Entitlements category displays all company resources that can be requested using the IT Shop. This includes software, system entitlements, system roles, account definitions, resources, multi-request resources, and assignment resources if the corresponding modules are installed.

You can prepare the company resources for requesting in the IT Shop if you are an IT Shop administrator and have logged in as role-based. You can assign service items, edit the IT Shop and Only use in IT Shop options and assign the company resources to IT Shop shelves.

To prepare company resources for requesting

  1. In the Manager, select the Permissions category.

  2. From the navigation view and results list, select the company resources you want and result list.

  3. Select the Change master data task.

  4. Enable the IT Shop option.

  5. Assign a new service item in the Service item field.

    To add a new service item, click . Copy the name of the company resource as identifier for the service item. Enter the other properties on the service item master data form.

  6. Save the changes.
  7. Select the Add to IT Shop task.

  8. In the Add assignments pane, assign the company resource to shelves.

  9. Save the changes.

Customer keep their requested products on the shelf until they unsubscribe them. Sometimes, however, products are only required for a certain length of time and can be canceled automatically after this time. There are other settings required to provide limited period products.

Detailed information about this topic

Entering service items

In order to request company resources in the Web Portal, a service item must be assigned to them. Service items contain additional information about the company resources. For example, you can specify article numbers, request properties, product supervisors, or approvers for requests. A service catalog can be put together from the service items the Web Portal. These contain all the requestable products. You can use service categories, tags, and service item names to find the product in the service catalog.

To edit service items

  1. In the Manager, select the IT Shop | Service catalog | Hierarchical by service categories | <service category> category.

    - OR -

    In the Manager, select the IT Shop | Service catalog | Hierarchical by service categories | Singles category.

  2. In the result list, select the product's service item and select the Change master data task.

    - OR -

    Click in the result list.

  3. Enter the service item's master data.

  4. Save the changes.

General master data for a service item

Enter the following data on the General tab. If you add a new service item, you must fill out the required fields.

Table 4: General master data for a service item

Master data

Meaning

Service item

Service item name.

Special service item

If a product is used for a specific purpose, for example, for product collection, then mark it as a special service item.

Service category

Group individual products into a collection of products. Select an existing service category from the list or add a new one.

To create a new service category, click . Enter at least one name for the service item.

Product owners

Assign a Request & Fulfillment | IT Shop | Product owner application role.

Product owners can be used as approvers in a defined approval process within the IT Shop. They can decide on approval of the service item request.

To create a new application role, click . Enter the application role name and assign a parent application role.

If no product owner is assigned, the product owner of the assigned service category is determined by template.

Attestors

Assign a Request & Fulfillment | IT Shop | Attestor application role.

The members of this application role can chosen as attestor in an attestation procedure.

To create a new application role, click . Enter the application role name and assign a parent application role.

Cost center

Cost center for booking the service item in the accounts.

Manufacturer

Manufacturer data.

Terms of use

Terms of use for the product. The product can only be requested if the requester has accepted the terms of use.

Request number, product code, product code (foreign).

Company-specific service item properties.

Functional area

Company-specific service item property.

Approval policies

Approval policy used to determine the approver when the service item is requested in the IT Shop.

Request property

Select the group for defining extended properties for a request. The request properties are displayed in the Web Portal depending on the configuration, requester, or approver.

Calculation info

Enter the calculation mode as accounting information.

Availability

Company-specific information about the service item‘s availability.

Sort order

Customer-specific criteria for sorting service items.

Website

Web page with more information about the service item.

This field allows you to link product descriptions in the internet or intranet to the service item. To open the website, select Visit website in the default web browser.

Validity period

Time period for limited assignments through IT Shop.

The service item is automatically canceled when the time expires. When multi-request resources are requested (QERReuse), this value has no effect.

Description

Text field for additional explanation.

Retain service item assignment on relocation

Specifies whether requests belonging to this service item remain intact when a customer or a product relocates..

Not available

Specifies whether the service item can still be requested in the IT Shop.

If this option is enabled, no new requests can be placed for this item. Existing requests remain intact.

Request properties must be defined separately per recipient

Specifies whether additional request properties must be entered separately for each recipient of this product, if the product is requested for different recipients in one request procedure.

If this option is not set, the selected requested properties apply uniformly to all recipients of the product.

Approval by multi-factor authentication

The approval of requests with this service item requires multi-factor authentication.

For detailed information about attestation, see the One Identity Manager Attestation Administration Guide. For detailed information about cost centers, see the One Identity Manager Identity Management Base Module Administration Guide.

Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级