Requesting products more than once
The IT Shop distinguishes between single or multiple requestable products. Single request products are, for example, software, system roles, or Active Directory groups. These products cannot be requested if they have already been be requested for the same time period.
Furthermore, there may be company resources that are needed more than once, consumables, for example. You can find company resources such as these mapped in One Identity Manager as Multi-request resource or Multi requestable/unsubscribable resources.
Request sequence of multi-request resources
-
A customer requests a multi-request resource in the Web Portal.
-
The request goes through the appropriate approval process and is approved.
The request is only saved in the PersonWantsOrg table. No entry is created in the PersonInITShopOrg table.
-
The resource can be canceled immediately. The request contains the Unsubscribed status (PersonWantsOrg.OrderState = 'Unsubscribed').
The resource cannot be canceled by the customer.
Request sequence of multi requestable/unsubscribable resources
-
A customer requests a multi requestable/unsubscribable resource in the Web Portal.
-
The request goes through the appropriate approval process and is approved.
The request is only saved in the PersonWantsOrg table. No entry is created in the PersonInITShopOrg table.
-
The request contains the Assigned status (PersonWantsOrg.OrderState = 'Assigned').
The resource can be unsubscribed by means of the Web Portal.
TIP: A customer-specific implementation of a process with the PersonWantsOrg root object for the OrderGranted result can be made in order to start a specified action when a multi-request resource is approved. For more information about defining processes, see One Identity Manager Configuration Guide.
Related topics
Requests with limited validity period
Customers keep their requested products on the shelf until they themselves unsubscribe from them. Sometimes, however, products are only required for a certain length of time and can be canceled automatically after this time. Products that are intended to have a limited shelf life need to be labeled with the validity period. For more information, see Products for requests with time restrictions.
When a product with a limited request period is requested, One Identity Manager calculates the date and time at which the product is automatically unsubscribed (Valid until/expiry date of the request) from the current date and validity period specified in the service item. This deadline can be adjusted when the request is made.
As soon as a request is approved by all approvers, the expiration date is recalculated from the actual date and the validity period. This ensures that the validity period is valid from the day of assignment.
A Valid from date can also be entered at the time of request. This specifies the date that an assignment starts to apply. If this date is given, the expiry date is calculated from the Valid from date and the validity period. If both a validity period and a Valid from date are specified and the Valid from date is in the future, then the expiration date is not recalculated. The request remains valid until the specified Valid until date. If the validity period has already expired at the time of approval, the request can no longer be approved. The request is canceled and an error message is displayed.
Cancellations can include a validity period, which means a deadline for the cancellation is set for unlimited requests. Use this method to change the expiry date for requests with a validity period. Once the cancellation has been granted approval, the cancellation's validity period is taken as the new expiry date of the request. The request cannot be extended beyond the validity period.
Multiple requests for a product with limited validity period
If a customer has requested a product with a limited validity period, the validity period must be tested for validity in subsequent requests for this product for the same customer. If the validity period is not in effect, the request is not permitted. By default, new requests are permitted if they fall in a time period that is not covered by another pending request. However, the validity periods of different requests may not overlap. You can define the desired behavior for the validity period over configuration parameters. For more information, see Checking request validity periods.
Related topics
Renewing requests
The request recipient receives a message before reaching the expiry date and has the possibility to extend the period. For more information, see Sequence for limited requests. The request is canceled once the expiry date has been reached.
The customer has the option to renew a request. If the customer uses this option, the extension (as in the original request) needs to approved through an approval process. The renewal workflow stored with the approval policy is used for this purpose. If the extension is denied, the original request runs out at the given date. You can also limit renewals in the same way. The renewal's expiration date is calculated from the date of the renewal's approval and the validity period of the product if no Valid until date was specified at the time of the renewal.
A limited request might look like the following a sequence:
Service item |
Validity period: 90 days |
Requested on: 1/2/2017 |
Valid until: 4/1/2017 11:59 PM |
Approved on: 1/5/2017 |
Valid until: 4/5/2017 11:59 PM |
Renewed until: 3/31/2017 |
Renewal valid until: 4/30/2017 12:00 PM |
Approved on: 4/2/2017 |
Valid until: 4/30/2017 12:00 PM |
Canceled on: 4/10/2017 |
Unsubscribed as from: 4/14/2017 11:59 PM |
Approved on: 4/11/2017 |
Valid until: 4/11/2017 11:59 PM |
NOTE: Ensure that times in the One Identity Manager tools, for example, the Web Portal, are in the user's local time.
Related topics
Canceling or unsubscribing requests
DBQueue Processor checks whether the request's expiry date has passed using a scheduled One Identity Manager task, which compares it against current UTC time. If the expiry date has passed, the request is canceled; the resulting assignments removed. You can configure this behavior.
If necessary, temporary requests can be unsubscribed. If the expiry date has passed, the unsubscription workflow stored at the decision guideline is run in this case. The unsubscription must be approved; only then will the assignment be permanently removed. If another request exists for the product, perhaps with the status Pending, the expired request will be canceled and replaced by the pending request.
To unsubscribe temporary requests on expiry
If the configuration parameter is set, requests with the status Assigned or Renewal will be unsubscribed. The unsubscription workflow entered in the approval policy runs through if no other request exists for the product, which now takes effect. Once the unsubscription is approved, the assignment will be removed. Expired requests with the status approved, pending, request are canceled.
NOTE: If the unsubscription is denied, the approver must enter a new Valid until date. Otherwise, the request is given Assigned status and the unsubscription workflow runs again.
Related topics