Chat now with support
Chat mit Support

Identity Manager 9.2.1 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Request sequence

Shop customers can request, renew, and unsubscribe products as soon as an IT Shop solution is set up. Use the Web Portal to do this. Furthermore, requests, and cancellations are approved in the Web Portal. You can make an overview of pending and closed requests for yourself. You can also find an overview of pending and closed requests in the Manager The status of pending requests is checked regularly by the DBQueue Processor. The review is started by the IT Shop check schedule.

Requests can have a limited time period, which means the requested product assignment is only valid with the validity period.

General request sequence
  1. A customer places a request in the Web Portal for:

    1. A product.

      - OR -

    2. Membership of a hierarchical role.

      - OR -

    3. The assignment of a company resource to a hierarchical role.

  2. The request goes through the assigned approval process.

  3. If the request has been granted approval and the Valid from date has been reached:

    1. The product is assigned to the customer. The company resource associated with the product is assigned indirectly to the customer.

      - OR -

    2. The customer becomes a secondary member of the hierarchical role.

      - OR -

    3. The company resource is assigned to the hierarchical role.

    The request contains the Assigned status (PersonWantsOrg.OrderState = 'Assigned').

    The product/membership/assignment remains until it is canceled.

Requests and the resulting assignments are displayed in the following table:

Requests

PersonWantsOrg

Product assignments

PersonInITShopOrg

Company resource assignments

For example,

PersonHasQERResource

ADSAccountInADSGroup

Hierarchical role assignments

For example, PersonInDepartment

Hierarchical role assignments

For example, DepartmentHasADSGroup

General cancellation sequence
  1. A customer cancels a product/membership/assignment in the Web Portal.

    - OR -

    A requested product/requested membership/requested assignment is automatically unsubscribed.

  2. The cancellation goes through the assigned approval process.

  3. If cancellation was granted approval and the expiry date has been reached:

    1. The product's assignment is removed. The product's assigned to the associated company resource is also removed.

      - OR -

    2. The customer’s membership of the hierarchical role is removed.

      - OR -

    3. The company resource's assignment to the hierarchical role is removed.

    The request contains the Unsubscribed status (PersonWantsOrg.OrderSTate = 'Unsubscribed').

If a customer is removed from a shop, existing requests for this are closed. The products are unsubscribed and assignments are removed. If the customer changes to another shop, the product requests can be retained under certain circumstances. If the request is an assignment request, it can also be retained under certain circumstances, even if the requester is no longer a customer in the shop.

For more information about requesting products, see the One Identity Manager Web Designer Web Portal User Guide.

Related topics

The request overview

To obtain an overview of all pending and closed requests

  1. In the Manager, select the IT Shop | Requests | <filter> category.

  2. Select a request procedure in the result list.

  3. Select the Request overview task.

Displaying request details

To obtain detailed information about a request

  1. In the Manager, select the IT Shop | Requests | <filter> category.

  2. Select a request procedure in the result list.

  3. Select the Request details task.

This shows you the request data and the status of the request.

Displaying the approval sequence

For pending requests, see the current status of the approval process. The approval sequence is shown as soon as the DBQueue Processor has determined the approvers for the first approval step. In the approval workflow, you can view the approval sequence, the results of each approval step, and the approvers found. If the approval procedure could not find an approver, the request is canceled by the system.

To display the approval sequence of a pending request

  1. In the Manager, select the IT Shop > Requests > Pending requests > <filter> category.

  2. Select a request procedure in the result list.

  3. Select the Approval sequence task.

Each approval level of an approval workflow is represented by a special control. The approvers responsible for a particular approval step are shown in a tooltip. Pending attestation questions are also shown in tooltips. These elements are shown in color, the color code reflecting the current status of the approval level.

Table 51: Meaning of the colors in an approval sequence (in order of decreasing importance)

Color

Meaning

Blue

This approval level is currently being processed.

Green

This approval level has been granted approval.

Red

This approval level has been denied approval.

Yellow

This approval level has been deferred due to a question.

Gray

This approval level has not (yet) been reached.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen