Adding assignment resources to the IT Shop
An assignment resource can be requested by shop customers when it is assigned to an IT Shop shelf.
To add a resource assignment to the IT Shop
-
In the Manager, select the Entitlements > Assignment resources for IT Shop category.
-
Select the assignment resource in the result list.
-
Select the Add to IT Shop task.
-
In the Add assignments pane, assign the assignment resource to the IT Shop shelves.
- Save the changes.
Removing assignment resources from the IT Shop
To remove an assignment resource from all IT Shop shelves.
-
In the Manager, select the Entitlements > Assignment resources for IT Shop category.
-
Select the assignment resource in the result list.
-
Select the Add to IT Shop task.
-
In the Remove assignments pane, remove the assignment resource from the IT Shop shelves.
- Save the changes.
To remove an assignment resource from all IT Shop shelves.
-
In the Manager, select the Entitlements > Assignment resources for IT Shop category.
-
Select the assignment resource in the result list.
-
Select the Remove from all shelves (IT Shop) task.
- Confirm the security prompt with Yes.
-
Click OK.
The One Identity Manager Service removes the assignment resource from all shelves. All assignment requests with this assignment resource are canceled in the process.
Delegations
Role assignment and responsibilities can be temporarily delegated to others. Thereby, a distinction is made between single delegations and deputizing.
-
Deputize: Delegate all your responsibilities for a defined area to a deputy. The following areas can be selected:
-
Approval authorization for requests
Once an employee is determined as the approver for requests, their deputy is added as an additional approver.
-
Exception approval requests violate the rules
Once an employee is determined as the exception approver for requests, their deputy is added as an additional exception approver.
-
Approval authorization in attestation cases
Once an employee is determined as the attestor, their deputy is added as an additional attestor.
-
Employee manager
An employee manager's deputy can also approve managerial tasks. For example, a deputy can initiate requests for employees.
-
Manager of all roles of a role class
The deputy of a hierarchical roles manager can also approve all managerial tasks. For example, a deputy can initiate assignment requests for a business role.
You can delegate responsibility for the following role classes:
Example: During their leave, user 1 delegates their responsibilities as manager of business role with the "Projects 2222" role class and approval authorization for requests to their deputy, user 2.
-
A deputy, unlike single delegation, cannot be subdelegated.
-
An employee who is connected as a main or sub-identity cannot become a delegate nor can deactivated employees.
-
Single delegation: Delegate your responsibility for a specific role or your memberships in a specific business or application role to any given employee.
Example: User 1 delegates their membership in the "Project 2222-A" business role to user 2.
Delegations are automatically approved after a compliance check. They can be canceled and deleted. For more information about delegating tasks, see the One Identity Manager Web Portal User Guide.
Delegations are revoked when the valid-until date is exceeded or the delegate is deleted from the customer node.
Detailed information about this topic
Standard products for delegation
One Identity Manager provides standard products for delegations.
Table 22: Standard products for delegation
Deputy (temporary) |
Identity & Access Lifecycle | Identity Lifecycle |
Deputize |
Delegation |
Single delegations |
In the default installation, all active One Identity Manager database employees are customers of the Identity & Access Lifecycle shop. This allows all enabled employees to delegate responsibilities.
Related topics