Chatee ahora con Soporte
Chat con el soporte

Identity Manager 9.3 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results Example of defining request properties

Creating and editing mail definitions

Mail texts can be defined in these different languages in a mail template. This ensures that the language of the recipient is taken into account when the email is generated.

NOTE: If the Common | MailNotification | DefaultCulture configuration parameter is set, the mail definition is loaded in the default language for email notifications when the template is opened.

To create a new mail definition

  1. In the Manager, select the IT Shop > Basic configuration data > Mail templates category.

    The result list shows all the mail templates that can be used for IT Shop requests.

  1. Select a mail template in the result list and run the Change main data task.

  2. In the result list, select the language for the mail definition in the Language drop-down.

    All active languages are shown. To use another language, in the Designer, enable the corresponding countries. For more information, see the One Identity Manager Configuration Guide.

  3. Enter the subject in Subject.

  4. Edit the mail text in the Mail definition view with the help of the Mail Text Editor.

  5. Save the changes.

To edit an existing mail definition

  1. In the Manager, select the IT Shop > Basic configuration data > Mail templates category.

    The result list shows all the mail templates that can be used for IT Shop requests.

  1. Select a mail template in the result list and run the Change main data task.

  2. In the Mail definition drop-down, select the language for the mail definition.

  3. Edit the mail subject line and the body text.

  4. Save the changes.

Using base object properties

In the subject line and body text of a mail definition, you can use all properties of the object entered under Base object. You can also use the object properties that are referenced by foreign key relation.

To access properties use dollar notation. For more information about using dollar ($) notation, see the One Identity Manager Configuration Guide.

Example:

An IT Shop requester should receive email notification about the status of the request.

Table 69: Email notification properties

Property

Value

Base object

PersonWantsOrg

Subject

"$DisplayOrg[D]$" status change

Mail body

Dear $FK(UID_PersonOrdered).Salutation[D]$ $FK(UID_PersonOrdered).FirstName$ $FK(UID_PersonOrdered).LastName$,

The status was changed on the following request on $DateHead:Date$.

Product: $DisplayOrg[D]$

Requested by: $DisplayPersonInserted$

Reason: $OrderReason$

Current status of your request:

Approval: granted

Approver: $DisplayPersonHead[D]$

Reason: $ReasonHead[D]$

The generated email notification could look like the following, for example, once it has been formatted.

Use of hyperlinks to the Web Portal

You can add hyperlinks to the Web Portal in the mail text of a mail definition. If the recipient clicks on the hyperlink in the email, the Web Portal opens on that web page and further actions can be carried out. In the default version, this method is implemented for IT Shop requests.

Prerequisites for using this method
  • The QER | WebPortal | BaseURL configuration parameter is enabled and contains the URL to the API Server. You edit the configuration parameter in the Designer.

    http://<server name>/<application>

    with:

    <server name> = name of server

    <application> = path to the API Server installation directory

To add a hyperlink to the Web Portal in the mail text

  1. Click the position in the mail text of the mail definition where you want to insert a hyperlink.

  2. Open the Hyperlink context menu and enter the following information.

    • Display text: Enter a caption for the hyperlink.

    • Link to: Select the File or website option.

    • Address: Enter the address of the page in the Web Portal that you want to open.

      NOTE: One Identity Manager provides a number of default functions that you can use to create hyperlinks in the Web Portal.

  3. To accept the input, click OK.

Default functions for creating hyperlinks

Several default functions are available to help you create hyperlinks. You can use the functions directly when you add a hyperlink in the mail body of a mail definition or in processes

Direct function input

You can reference a function when you add a hyperlink in the Address field of the Hyperlink context menu.

Syntax

$Script(<Function>)$

Example:

$Script(VI_BuildITShopLink_Show_for_Requester)$

Default functions for IT Shop requests

The VI_BuildITShopLinks script contains a collection of default functions for composing hyperlinks to directly grant or deny approval of IT Shop requests from email notifications.

Table 70: Functions of the VI_BuildITShopLinks script

Function

Usage

VI_BuildITShopLink_Show_for_Approver

Opens the overview page for request approval in the Web Portal.

VI_BuildITShopLink_Show_for_Requester

Opens the overview page for requests in the Web Portal.

VI_BuildITShopLink_Approve

Approves a request and opens the approvals page in the Web Portal.

VI_BuildITShopLink_Deny

Denies a request and opens the approvals page in the Web Portal.

VI_BuildITShopLink_AnswerQuestion

Opens the page for answering a question in the Web Portal.

VI_BuildITShopLink_Reject

Opens the page with denied requests in the Web Portal.

VI_BuildAttestationLink_Pending

Opens the page with pending requests in the Web Portal.

VI_BuildITShopLink_Unsubscribe

Creates the link for canceling email notification. This function is used in processes for unsubscribing email notifications.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación