Chatee ahora con Soporte
Chat con el soporte

Identity Manager 8.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Web Portal for Application Governance Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests and delegating Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding Active Directory and SharePoint groups to the IT Shop automatically Adding Privileged Account Management user groups to the IT Shop automatically
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Assigning employees through dynamic roles

Add an employee who is authorized to make requests for the shop to the customer node. You have two possible ways of doing this. Employees can be assigned to a customer node either directly or through a dynamic role.

NOTE: Create dynamic role is only available for customer nodes that do not have Dynamic roles not allowed set.
IMPORTANT:If a shop contains a large number of customers, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server, as well.

Formulate the condition for the dynamic role so that no more than 30,000 employees are found.

To create a dynamic role

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Customers or IT Shop > IT Shop > <shopping center> > <shop> > Customers category.

  2. Select the Create dynamic role task.

  3. Enter the required main data.

  4. Save the changes.

To edit a dynamic role

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Customers or IT Shop > IT Shop > <shopping center> > <shop> > Customers category.

  2. Select the Entitled customers overview task.

  3. Select the Dynamic roles form element and click on the dynamic role.

  4. Select the Change main data task and edit the dynamic role's main data.

  5. Save the changes.

For more information about dynamic roles, see the One Identity Manager Identity Management Base Module Administration Guide. The following features apply to dynamic roles for customer nodes:

Table 76: Properties of a customer node dynamic role

Property

Description

IT Shop node

This data is initialized with selected customer nodes. If the employee objects meet the dynamic role conditions, they are added to this customer node.

Object class

Employee

Dynamic role

The dynamic role name is made up of the object class and the full name of the IT Shop node by default.

Calculation schedule

Schedule for calculating dynamic roles. Employees with request permissions for the shop are determined regularly at the times specified in the schedule.

In the default installation of One Identity Manager, the Dynamic roles check schedule is already defined. All dynamic role memberships are checked using this schedule and recalculation operations are sent to the DBQueue Processor if necessary. Use the Designer to customize schedules or set up new ones to meet your requirements. For more information, see the One Identity Manager Operational Guide.

To delete a dynamic role

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Customers or IT Shop > IT Shop > <shopping center> > <shop> > Customers category.

  2. Select the Entitled customers overview task.

  3. Select the Dynamic roles form element and click on the dynamic role.

  4. In the Manager's toolbar, click .

  5. Confirm the security prompt with Yes.
Related topics

Deleting IT Shop structures

In order to delete IT Shop structures, you have to remove all the child IT Shop structures. This applies to manually added IT Shop structures in the same way as it does for shelves and products created from shelf templates.

Deleting customer nodes

To delete a customer node

  1. In the Manager, select the IT Shop > IT Shop > <shop> or the IT Shop > IT Shop > <shopping center> > <shop> category.

  2. Select the customer node in the result list.

  3. Remove all assigned employees.

    • If the customer node was filled using a dynamic role, delete the dynamic role first.

  4. Click in the result list.

  5. Confirm the security prompt with Yes.
Detailed information about this topic

Deleting shelves

If a shelf is going to be completely dissolved, you need to remove all the product assignments from the shelf first.

To delete a shelf

  1. In the Manager, select the IT Shop > IT Shop > <shop> or the IT Shop > IT Shop > <shopping center> > <shop> category.

  2. Select the shelf in the result list.

  3. Remove all product assignments to the shelf.

    The next time the DBQueue Processor runs, all pending requests for the products are closed and approved requests are canceled. Then you can delete the shelf.

  4. Click in the result list.

  5. Confirm the security prompt with Yes.

To delete a shelf that resulted from a special shelf template

  1. Cancel approved requests from this shelf.

  2. Cancel pending request.

  3. Remove shelf template assignments to the shop.

NOTE: Shelves that have been created from a global shelf template or a shopping center template cannot be deleted.
Detailed information about this topic
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación