Chatee ahora con Soporte
Chat con el soporte

Identity Manager 8.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Web Portal for Application Governance Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests and delegating Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding Active Directory and SharePoint groups to the IT Shop automatically Adding Privileged Account Management user groups to the IT Shop automatically
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Attestors

NOTE: This function is only available if the Attestation Module is installed.

In One Identity Manager, you can assign employees, who are brought in as attestors to attest these objects, to IT Shop structures (shelves, shops, shopping centers, service categories, and shelf templates). To do this, assign the IT Shop structures to application roles for attestors. Assign these application roles to employees who are authorized to attest these objects and their assignments.

For detailed information about attestation, see the One Identity Manager Attestation Administration Guide.

A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For detailed information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 73: Default application roles for attestors

User

Tasks

Attestors for IT Shop

Attestors must be assigned to the Request & Fulfillment | IT Shop | Attestors application role.

Users with this application role:

  • Attest correct assignment of company resource to IT Shop structures for which they are responsible.

  • Attest objects that have service items assigned to them.

  • Can view main data for these IT Shop structures but not edit them.

NOTE: This application role is available if the Attestation Module is installed.

To add employees to default application roles for attestors

  1. In the Manager, select the IT Shop > Basic configuration data > Attestors category.

  2. Select the Assign employees task.

    In the Add assignments pane, add employees.

    TIP: In the Remove assignments pane, you can remove employee assignments.

    To remove an assignment

    • Select the employee and double-click .

  3. Save the changes.

To add another application role for attestors

  1. In the Manager, select the IT Shop > Basic configuration data > Attestors category.

  2. Click in the result list.

  3. Enter at least the application role's name and, in the Parent application role menu, select the Request & Fulfillment | IT Shop | Attestor application role or a child role.

  4. Save the changes.

  5. Assign employees to the application role.

Related topics

Setting up IT Shop structures

Depending on the company structure, you can optionally define shopping centers for your IT Shop solution where several shops can be bought together under one roof. Always add the shopping center to the top level of the IT Shop. Shopping centers may not be hierarchical.

Each shop contains a number of shelves that the customer can request products from. You can add a shop to the top level of the IT Shop or under a shopping center. Shops may not be hierarchical.

There are various products available for request on shelves. Shelves are set up under each shop.

IMPORTANT:If a shop contains a large number of customers, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server, as well.

Structure the IT Shop so that no more than 30,000 customers can make requests in each shop. If necessary, set up your own shopping center with several shops and customer nodes.

Detailed information about this topic

Adding IT Shop structures

To set up a shopping center, a shop or a shelf

  1. In the Manager, select the IT Shop > IT Shop category.

  2. Click in the result list.

  3. Edit the shopping center, shop, or shelf's main data.

  4. Save the changes.
Detailed information about this topic

General main data of IT Shop structures

On the General tab, enter the following main data of a shopping center, shop, or a shelf.

Table 74: General main data of an IT Shop structure

Property

Description

IT Shop node

IT Shop structure name.

Internal name

Internal IT Shop structure name.

IT Shop information

 The structure of the IT Shop is governed by this data The IT Shop structure is regulated by this data. In the menu, select Shopping center, Shop, or Shelf.

The menu is only displayed when you insert a new IT Shop structure.

Role type

Role types for classifying shops and shelves. In the menu, select a role type.

  • Shopping center: N/A

  • Shop: You can use role types to classify shops further. The role type for shops does not influence how the approval policies in effect are determined.

  • Shelf: You can use role types to limit the approval policies in effect.

Shelf template

Template to automatically fill shelves.

  • Shopping center: Select a shopping center template from the menu. A shopping center template cannot be assigned until the shopping center has been saved in the database.

  • Shop: N/A

  • Shelf: For shelves created by automatic filling of the shop, the reference to the shelf template used is entered. Shelf templates are only assigned automatically.

Parent IT Shop node

Parent IT Shop nodes in the IT Shop hierarchy.

  • Shopping center: Leave this empty. Shopping centers always form the root node of an IT Shop.

  • Shop: If the shop is at the top level of an IT Shop, this field stays empty.

    If the shop is in a shopping center, select the shopping center from the menu. You can use this input field to add shops to shopping centers later.

  • Shelf: In the menu, select the shop to add the shelf to.

    After saving the rule, the shop cannot be changed again.

Full name

Full name of the IT Shop structure.

Location

Location of the IT Shop structure. You can use this input when creating approval policies for making requests from this shopping center/shop/shelf.

Department

Department the IT Shop structure is in. You can use this input when creating approval policies for making requests from this shopping center/shop/shelf.

Cost center

Cost enter of the IT Shop structure. You can use this input when creating approval policies for making requests from this shopping center/shop/shelf.

Owner

The employee responsible for the IT Shop structure. You can use this input when creating approval policies for making requests from this shopping center/shop/shelf.

2nd Manager

The owner's deputy. You can use this input when creating approval policies for making requests from this shopping center/shop/shelf.

Attestors

 Applications role whose members are authorized to approve attestation cases for this IT Shop structure.

To create a new application role, click . Enter the application role name and assign a parent application role.

NOTE:This property is available if the Attestation Module is installed.

Description

Text field for additional explanation.

Certification status

Certification status of the IT Shop structure. You can select the following certification statuses:

  • New: The IT Shop structure was newly added to the One Identity Manager database.

  • Certified: The IT Shop structure's main data was granted approval by the manager.

  • Denied: The IT Shop structure's main data was denied approval by the manager.

Detailed information about this topic
Related topics
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación