Chat now with support
Chat mit Support

Identity Manager 9.0 LTS - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Scheduled request for approval

Approvers can be regularly notified of requests that are pending. These regular notifications replace the individual prompts and approval reminders that are configured in the approval step.

To send regular notifications about pending requests

  1. Enable the QER | ITShop | MailTemplateIdents | RequestApproverByCollection configuration parameter in the Designer.

    By default, a notification is sent with the IT Shop request - pending requests for approver mail template.

    TIP: To use something other than the default mail template for these notifications, change the value of the configuration parameter in the Designer.

  2. In the Designer, configure and enable the Inform approver about pending requests schedule.

    For more information about this, see the One Identity Manager Operational Guide.

Sequence for limited requests

A recipient keeps a product on the shelf up to a specific point in time when they unsubscribe the products again. Sometimes, however, products are only required for a certain length of time and can be canceled automatically. The recipient is notified by email before the expiry date is reached and has the option to renew the request.

To set up the notification procedure

  1. In the Designer, set the QER | ITShop | ValidityWarning configuration parameter and enter the warning period (in days) for expiring requests.

  2. In the Designer, configure and activate the Reminder for IT Shop requests that expire soon schedule.

  3. Enter the following data for the approval policy:

    • Mail template expired: Select the mail template to be used for the email notification. The default installation provides the IT Shop request - product expires and IT Shop request - expired mail templates.

  4. Save the changes.
Related topics

Approving or denying request approval

When a request is granted approval or denied, the request recipient is notified by email. Notification may occur after approval or denial of a single approval step or once the entire approval process is complete. Requests can be automatically granted or denied approval once a specified time period has expired. The recipient is notified in the same way in this case.

To set up the notification procedure

  • If notification should be sent immediately after an approval decision is made for a single approval step, enter the following data on the Mail templates tab of the approval step.

    • Mail template approved: IT Shop request - approval granted for approval step

    • Mail template denied: IT Shop request - approval not granted for approval step

  • Enter the following data in the approval policy when notification should immediately follow the approval decision of the entire approval process:

    • Mail template approved: IT Shop request - approval granted

    • Mail template denied: IT Shop request - approval not granted

Related topics

Notifying delegates

If required, a delegator can receive notifications if the deputy or recipient of the single delegation has made a request in the IT Shop. Notification is sent once an employee has been determined as an approver due to delegation and has made an approval decision for the request.

To send notification when the employee who was delegated an approval approves or denies the request

  • In the Designer, set the QER | ITShop | Delegation | MailTemplateIdents | InformDelegatorAboutDecisionITShop configuration parameter.

    By default, a notification is sent with the Delegation - inform delegator about decided request mail template.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

Delegations are taken into account in the following default approval procedures.

Table 59: Delegation relevant default approval procedures

Delegation of

Approval procedure

Department responsibilities

D0, D1, D2, DM, DP, MS

Cost center responsibilities

P0, P1, P2, PM, PP, MS

Location responsibilities

MS

Business role responsibilities

OM, MS

Employee responsibilities

CM

IT Shop structure responsibilities

H0, H1, H2

Memberships in business roles

OR

Memberships in application roles

DI, DR, ID, IL, IO, IP, OA, OC, OH, PI, PR, RD, RL, RO, RP, TO

Example

Jan User3 is responsible for the R1 business role. They delegate their responsibility for the business role to Jo User1. Jo User1 is themselves responsible for R2 business role.

A member of the R1 business role requests a product in the IT Shop. Jan User3 is established as an approver through the OM - Manager of a specific role approval process. The request is assigned to Jo User1 for approval through delegation. Jan User3 is notified about the request as soon as Jo User1 has made their approval decision.

A member of the R2 business role requests a product in the IT Shop. Jo User1 is established as the approver through the OM - Manager of a specific role approval process. No notification is sent because Jo User1 does not make the approval decision due to delegation.

Bulk delegation

You have the option to delegate all your responsibilities to one person in the Web Portal. If you have a lot of responsibilities, it is possible that not all the delegations are carried out. A delegator can send a notification to themselves if an error occurs.

Detailed information about this topic
Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen