Chat now with support
Chat mit Support

Identity Manager 9.2.1 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Displaying the tags overview

The overview form contains the most important information about a tag.

To get an overview of a tag

  1. In the Manager, select the IT Shop > Basic configuration data > Tags category.

  2. Select a tag in the result list.

  3. Select the Tag overview task.

Assigning and removing products

Once you have prepared the product to be requested, assign it to a shelf or a shelf template. A shelf has several tasks available for assigning and removing products.

NOTE: The tasks are only displayed if the Assignments permitted and Direct assignment permitted options are enabled for the IT Shop structure or IT Shop template role classes.
Table 17: Tasks for assigning and removing requestable products

Products

Task

Software

Assign software

Resources

Assign resource

Multi-request resources

Assign resource

Multi requestable/unsubscribable resources

Assign resource

System roles

Assign system roles

Groups and system entitlements from custom target systems

Assign system entitlements of custom target systems

Active Directory groups

Active Directory Assign groups

Azure Active Directory permissions

Azure Active Directory Assign groups

Azure Active Directory Assign administrator roles

Azure Active Directory assign subscriptions

Assigning disabled Azure Active Directory service plans

SharePoint permissions

SharePoint Assign groups

Assign SharePoint roles

LDAP groups

LDAP Assign groups

HCL Domino groups

Notes Assign groups

SAP R/3 permissions

Assign BI analysis authorizations

SAP Assign groups

Assign SAP profiles

Assign SAP roles

Assigning structural profiles

E-Business Suite permissions

Assign E-Business Suite authorizations

Exchange Online permissions

Assign Exchange Online mail-enabled distribution groups

Office 365 Assign groups

Privileged Account Management permissions

Assign PAM user groups

SharePoint Online permissions

SharePoint Online Assign groups

Assign SharePoint Online roles

Google Workspace permissions

Google Workspace Assign groups

Google Workspace Assign products and SKUs

Unix groups

Unix Assign groups

Cloud groups and system entitlements

Assign cloud groups and system entitlements

Subscribable reports

Assign subscribable reports

Assignment resources

Assign resource

Account definitions

assign account definition

Detailed information about this topic

Assigning products to shelves

There are different tasks available for assigning a single product from a shelf. The following example based on a resource shows you how to assign individual products.

To assign a resource to the Identity Lifecycle shelf as a product

  1. In the Manager, select the IT Shop > IT Shop > Identity & Access Lifecycle > Shelf: Identity Lifecycle category.

  2. Select the Assign resources task.

  3. In the Add assignments pane, assign resources.

  4. Save the changes.

Products are automatically assigned to shelves at the same time, if:

  • Groups are automatically added to the IT Shop

  • Rule templates are used to set up the IT Shop

Use the DBQueue Processor inheritance mechanism and subsequent post-processing to create a separate product node for each assigned product within the shelf. These product nodes are displayed with the name of the product’s service item. If products are added in bulk to the IT Shop by automatic processes, you can specify how many product nodes are created in one DBQueue Processor run in the QER | ITShop | LimitOfNodeCheck configuration parameter. Once this number has been exceeded, the task is closed and queued again in the DBQueue for generating the rest of the product nodes. By default, 500 objects are processed in one run.

Related topics

Removing products from shelves

There are different tasks available for removing a product from a shelf. In the following section, we take the example of a resource to show how to remove a product.

To remove a resource from the Identity Lifecycle shelf

  1. In the Manager, select the IT Shop > IT Shop > Identity & Access Lifecycle > Shelf: Identity Lifecycle category.

  2. Select the Assign resources task.

  3. Remove the resource from Remove assignments.

  4. Save the changes.

When you remove a product from a shelf, pending requests for the product are closed and approved requests are unsubscribed.

To remove a product from all shelves

  • Select the Remove from all shelves task.

    You will find the task on the main data form of the respective product, for example, a resource.

The task immediately removes product assignments to manually configured shelves and shelf templates. Then, the DBQueue Processor removes product assignments to shelves, based on a template definition. All assignments are unsubscribed if the product is part of an assignment request.

Information on bulk processing

If products are added in bulk to the IT Shop by automatic processes, you can specify how many product nodes are created in one DBQueue Processor run in the QER | ITShop | LimitOfNodeCheck configuration parameter. Once this number has been exceeded, the task is closed and queued again in the DBQueue for generating the rest of the product nodes. By default, 500 objects are processed in one run. The number of requests submitted in bulk can be considerably larger than other processes.

Set a lower value if performance issues arise when running the QER-K-OrgAutoChild process task.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen