Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.2.1 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Adding and deleting recipients and channels

Approvers can be registered in Starling Cloud Assistant as recipients through an IT Shop request and allocated to a channel. By default, the requests are approved immediately by self-service. Then the recipients are registered and the requested channel is assigned to them. Once the approver has installed the Starling Cloud Assistant app, they can use adaptive cards to attest.

To add a recipient in Starling Cloud Assistant

  • In the Web Portal, request the New Starling Cloud Assistant recipient product.

To allocate Microsoft Teams as a channel in Starling Cloud Assistant

  1. In the Web Portal, request the Teams channel for Starling Cloud Assistant recipient product.

  2. Install the Starling Cloud Assistant app for Microsoft Teams.

    For more information, see the One Identity Starling Cloud Assistant User Guide under https://support.oneidentity.com/starling-cloud-assistant/hosted/technical-documents.

To allocate Slack as a channel in Starling Cloud Assistant

  1. In the Web Portal, request the Slack channel for Starling Cloud Assistant recipient product.

  2. Install the Starling Cloud Assistant app for Slack.

    For more information, see the One Identity Starling Cloud Assistant User Guide under https://support.oneidentity.com/starling-cloud-assistant/hosted/technical-documents.

To delete a recipient in Starling Cloud Assistant

  • Cancel the New Starling Cloud Assistant recipient product.

To remove a channel

  • Cancel the respective product.

For more information about requesting and unsubscribing products, see the One Identity Manager Web Portal User Guide.

Related topics

Creating, editing, and deleting adaptive cards for requests

One Identity Manager provides adaptive cards for demanding approval of IT Shop requests in German and English. These can be displayed in the Manager. You can create your own templates for adaptive cards, for example to make changes to the content or to provide adaptive cards in other languages. The recipient's language preferences are taken into account when an adaptive card is generated. If a language cannot be identified or there is no suitable template for the language found, en-US is used as fallback.

To use your own adaptive cards for approving requests, configure the QER_PWOHelperPWO approve anywhere process accordingly.

To display an adaptive card

  1. In the Manager, select the IT Shop > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Select the Change main data task.

  4. In the Adaptive card templates menu, select a template.

    This displays the adaptive card's definition in the Template field.

    • To display the entire JSON code, click .

To create an adaptive card.

  1. In the Manager, select the IT Shop > Basic configuration data > Adaptive cards category.

  2. Click in the result list.

  3. Edit the adaptive card's main data.

  4. Create a new template for adaptive cards.

  5. Save the changes.
  6. Create additional language-specific templates for this adaptive card as required and save the changes.

To use your customized adaptive card

  1. In the Designer, edit the QER_PWOHelperPWO approve anywhere process.

    1. Select the Send Adaptive Card to Starling Cloud Assistant process step.

    2. Edit the value of the ParameterValue2 parameter and replace the name and UID with the values of your customized adaptive card.

  2. Save the changes.

To delete an adaptive card.

  1. In the Manager, select the IT Shop > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Click in the result list.

    This deletes the adaptive card and all the templates belonging to it.

Related topics

Creating, editing, and deleting adaptive cards templates for requests

To use your own adaptive cards or to provide adaptive cards in other languages, create your own adaptive card's templates.

To create an adaptive card template

  1. In the Manager, select the IT Shop > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Edit the adaptive card's main data.

  4. Next to the Adaptive card templates menu, click .

  5. In the Language menu, select a language for the adaptive card.

    All active languages are shown. To use another language, in the Designer, enable the corresponding countries. For more information, see the One Identity Manager Configuration Guide.

  6. In the Template field, enter a definition for the adaptive card.

    • To display the entire JSON code, click .

    You can use the Adaptive Card Designer from Microsoft or the Visual Studio Code Plugin to help.

  7. Save the changes.
  8. In the Designer, check the QER_CloudAssistant_ApprovalAnywhere script and modify it to suit your requirements.

To edit an adaptive card template

  1. In the Manager, select the IT Shop > Basic configuration data > Adaptive cards category.

  2. In the result list, select the adaptive card whose template you want to edit.

  3. Select the Change main data task.

  4. In the Adaptive card templates menu, select a template.

  5. In the Template field, edit the adaptive card definition.

    • To edit the entire JSON code, click .

  6. Save the changes.

To delete an adaptive card template

  1. In the Manager, select the IT Shop > Basic configuration data > Adaptive cards category.

  2. In the result list, select the adaptive card whose template you want to delete.

  3. Edit the adaptive card's main data.

  4. In the Adaptive card templates menu, select the template.

  5. Click next to the menu.

  6. Save the changes.
Related topics

Deploying and evaluating adaptive cards for requests

Once an approver is determined in an approval step, the QER_PWOHelperPWO approve anywhere process runs. The process is generated if the following conditions are fulfilled:

  • The approver is registered as the recipient in Starling Cloud Assistant.

  • A default email address is stored for the approver.

  • The QER | Person | Starling | UseApprovalAnywhere configuration parameter is set.

  • An expiry date is entered in the QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire configuration parameter.

  • Approval by multi-factor authentication is not set on the requested service item.

The process runs the QER_CloudAssistant_CreateMessage_PWOHelperPWO script passing to it the name and the UID of the adaptive card to send. The script created the adaptive card from the JSON template for adaptive cards and the data in the request and then sends it to the approver. The QER_CloudAssistant_CheckMessage_PWOHelperPWO script checks if the approver has sent a response, evaluates the response and updates the request process according to the approval decision.

NOTE: If you want to use your own adaptive cards template, check the QER_CloudAssistant_CreateMessage_PWOHelperPWO, QER_CloudAssistant_CreateData_PWOHelperPWO, and QER_CloudAssistant_CheckMessage_PWOHelperPWO scripts and adjust them if necessary to reflect content changes in the template. For more information about overriding scripts, see the One Identity Manager Configuration Guide.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation