Chat now with support
Chat mit Support

Identity Manager 9.1 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Requests for employees

In the Web Portal default installation, approvers can request and cancel products for other users. Approvers can only request products for users of shops they manage and where the user is an customer. Furthermore, department managers and their deputies may edit the data for employees belonging to their department.

The responsibilities are evaluated through the following database view (View).

QER_VEditEmployee

This view displays the department manager, their deputies, and employees whose data can be edited.

Requesting change of manager for an employee

Managers can edit main data of their employees in the Web Portal. In the same context, it is possible to define a new manager for an employee. To do this, the previous manager requests assignment of another manager. If the other manager agrees to the assignment, they are assigned to the employee as manager.

Prerequisites

The following objects are made available in the One Identity Manager database by default:

Table 56: Default objects for the change of manager

Objects

Description

New manager assignment multi-request resource

Is used to request the other manager in the IT Shop. The product is canceled the moment the new manager has been assigned.

The New manager assignment service item is assigned.

New manager assignment service item

Product that is ordered when another manager is assigned.

The New manager assignment approval policy is assigned.

Identity & Access Lifecycle | Identity Lifecycle IT Shop structure

The service item is assigned by default to the Identity Lifecycle shelf in the Identity & Access Lifecycle shop.

New manager assignment approval policy

This specifies the approval workflow by which the change of manager is approved.

It is assigned to the approval workflow, New manager assignment.

New manager assignment approval workflow

This determines the other manager as an approver.

If this is denied, the request is returned to the previous manager.

VI_ESS_PersonWantsOrg_Set_New_Person.Manager process

Allocates the other manager to the employee as manager as soon as the change of manager was approved and the validity period of the request is reached.

Procedure for changing managers
  1. The previous manager edits the main data of the employee the other manager is going to take on. They select an employee as manager and specify a date from which the changes take effect.

    Table 57: Changes that are requested

    Property

    Description

    New manager

    Employee to be assigned as a new manager for the employee.

    Effective date

    The date on which the change takes effect.

    Changes to be run after approval is granted

    Changes that should be run after approval has been granted and the new manager has been assigned, for example, deleting user accounts or removing memberships in system entitlements.

    The previous manager can decide which of the changes listed should be run.

  2. A request with the following properties is triggered.

    Table 58: Properties of the manager change request

    Property

    Description

    Requester

    Previous manager.

    Recipient

    Employee.

    Additional request data

    New manager.

    Approver

    New manager.

    Valid from

    The date on which the change takes effect.

    Additional data

    Additional changes to be run.

  3. The request is assigned for approval to the new manager, who can also specify what other changes should be made after the manager has been replaced.

    1. If the manager denies approval, the request is returned to the previous manager.

      This manager can select another manager and approve the request. The request is assigned to this other manager for approval.

      The previous manager can deny request approval. The change of manager is closed. The employee’s manager is not changed.

    2. If the new manager grants approval to the request, they are assigned as manager to the employee from the validity date of the request. All selected additional changes are also run on the validity date.

  4. Product is unsubscribed. The request is closed.

For more information about assigning a new manager, see the One Identity Manager Web Designer Web Portal User Guide.

Canceling requests

Request recipients, requesters, and the members of the chief approval team can cancel requests that have not already be approved in the Web Portal. The approval process is canceled immediately. The request is given the Canceled status.

For more information about canceling processes in the Web Portal, see the One Identity Manager Web Designer Web Portal User Guide.

To cancel a request in the Manager

  1. In the Manager, select the IT Shop > Requests > Pending requests > <filter> > <request> category.

  2. Select a request procedure in the result list.

  3. Click Cancel request.

  4. Confirm the security prompt with Yes.
  5. Click OK.

Unsubscribe products

Assigned products that are no longer needed can be unsubscribed. Each request undergoes an approval process. If an unsubscription workflow is stored with the approval policy, unsubscription is approved or denied by an approver. If there is no unsubscription workflow given, unsubscription is approved immediately.

If the request's Valid until date has already expired and unsubscription is likely to be denied, the approver must enter a new Valid until date.

Request recipients can be notified if a request is unsubscribed by another employee.

Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen