サポートと今すぐチャット

オンラインヘルプの参照
登録の完了

サインイン

価格設定をリクエスト

営業担当に連絡

Identity Manager On Demand - Starling Edition Hosted - IT Shop Administration Guide

コンテンツのナビゲーション

Setting up an IT Shop solution

One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products

Multi-request resources

Preparing products for requesting

Entering service items

General main data for service items Pricing for service items Extended main data for service items Default service items Specifying dependencies between products Editing product dependencies for requests Defining hierarchy for service items Assigning hierarchical roles to service items

Assigning organizations to service items Assigning business roles to service items

Assigning functional areas to service items Assigning extended properties to service items Displaying websites for service items Changing products for service items Adding tags and assigning them to service items Assigning object-dependent references to service items Displaying the service item overview Reports about service items

Overview of all assignments

Entering service categories

Main data for service categories Default service categories Assigning service items to service categories Assigning object-dependent references to a service category Displaying the service category overview

Entering product-specific request properties

Request property and request parameter settings Copy request properties Displaying the request properties overview

Products for requests with time restrictions Product request on customer or product relocation Non-requestable products Entering terms of use

Displaying the terms of use overview

Assigning service items to tags Displaying the tags overview

Assigning and removing products

Assigning products to shelves Removing products from shelves Moving products to another shelf Replacing products

Preparing the IT Shop for multi-factor authentication Assignment requests

Standard products for assignment requests Requesting memberships in business roles Requesting memberships in application roles Customizing assignment requests Canceling requests Removing customers from a shop Setting up assignment resources

General main data for assignment resources Default assignment resources Displaying assignment resource overviews Adding assignment resources to the IT Shop Removing assignment resources from the IT Shop

Standard products for delegation Preparing single delegations Allowing delegation approvals

Creating IT Shop requests from existing user accounts, assignments, and role memberships

Creating requests for identities Creating user account requests Creating workdesk requests Creating assignment requests

Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners

Approval processes for IT Shop requests

Approval policies for requests

General main data of approval policies Default approval policies Additional tasks for approval policies

The approval policy overview Adding to the IT Shop Validity checking Editing approval workflows

Approval workflows for requests

Working with the workflow editor Setting up approval workflows

Editing approval levels Editing approval steps Properties of an approval step Connecting approval levels

Additional tasks for approval workflows

The approval workflow overview Copying approval workflows

Deleting approval workflows Default approval workflows

Determining effective approval policies

Approvers for renewals Approvers for unsubscriptions

Selecting responsible approvers

Default approval procedures

Self-service Using IT Shop structures to find approvers Using request recipients to find approvers Using specific roles to find approvers Using requested products to find approvers Using products requested by request parameter to find approvers Using approval roles to find approvers Using cost centers to find approvers Using departments to find approvers Using requested roles to find approvers Waiting for further approval Calculated approval Approvals to be made externally Finding requesters

Setting up approval procedures

General main data of an approval procedure Queries for approver selection

Copying an approval procedure Deleting approval procedures Determining the responsible approvers

Request risk analysis Testing requests for rule compliance

Compliance checking requests Identifying rule violations Finding exception approvers Restricting exception approvers

Setting up exception approver restrictions

Explicit exception approval Rule checking for requests with self-service

Approving requests from an approver

Setting up approver restrictions

Automatically approving requests

Configuring automatic approval

Approval by peer group analysis

Configuring peer group analysis for requests

Approval recommendations for requests

Criteria for approval recommendations for requests Configuring approval recommendations for requests

Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes

Request sequence

The request overview

Displaying request details Displaying the approval sequence Displaying the approval history

Requesting products more than once Requests with limited validity period

Renewing requests Canceling or unsubscribing requests Checking request validity periods

Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process

Requesting approval Reminding approvers Scheduled request for approval Sequence for limited requests Approving or denying request approval Notifying delegates Canceling requests Escalating requests Delegating approvals Rejecting approvals Notifications with questions Using additional approvers to approve requests Unsubscribing approved requests Renewing approved requests Product change notifications Default mail templates Bulk delegation notifications

Approval by mail

Editing approval emails

Adaptive cards approval

Using adaptive cards for approvals Adding and deleting recipients and channels Creating, editing, and deleting adaptive cards for requests Creating, editing, and deleting adaptive cards templates for requests General main data for adaptive cards Deploying and evaluating adaptive cards for requests Disabling adaptive cards

Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations

Managing an IT Shop

IT Shop base data

Processing status Standard reason for requests

Predefined standard reasons for requests

Role classes for the IT Shop Role types for the IT Shop Business partners Functional areas Chief approval team Product owners Attestors

Setting up IT Shop structures

Adding IT Shop structures General main data of IT Shop structures Custom main data of IT Shop structures Assigning approval policies Assigning requestable products to shelves The IT Shop structure overview

Setting up a customer node

Adding customer nodes General main data of customer nodes Custom main data of customer nodes Assigning identities directly Assigning identities through dynamic roles The entitled customers overview

Deleting IT Shop structures

Deleting customer nodes Deleting shelves Deleting shops Deleting shopping centers

Restructuring the IT Shop

Moving shops to other shopping centers Moving shelves to other shops Moving products to another shelf

Templates for automatically filling the IT Shop

Using shelf templates in an IT Shop solution Editing shelf templates General main data of a shelf template Custom main data of shelf templates Assigning approval policies Assigning requestable products to shelf templates Shelf-filling wizard Assigning shelf templates to shops and shopping center templates Deleting shelf templates

Custom mail templates for notifications

Creating and modifying IT Shop mail templates General properties of mail templates Creating and editing mail definitions

Using base object properties Use of hyperlinks to the Web Portal Default functions for creating hyperlinks Customize email signatures

Copying IT Shop mail templates Displaying IT Shop mail template previews Deleting IT Shop mail templates Custom notification processes

Product bundles

Creating and modifying product bundles General main data of a product bundle Cart items Deleting product bundles

Recommendations and tips for transporting IT Shop components with the Database Transporter

Troubleshooting errors in the IT Shop

Timeout on saving requests Bulk delegation errors Process monitoring for requests

Configuration parameters for the IT Shop Request statuses Examples of request results

Determining effective approval policies

You can apply approval policies to different IT Shop structures and service items. If you have multiple approval policies within your IT Shop, which policy is to be used is based on which rules are specified.

Effective approval policies are defined by the following steps: If no approval policy is found in a step, the next one is checked. The following objects are checked in the following sequence:

The requested service item
The service category to which this service item is assigned
Parent service category
The shelf used for requesting the service item
The shop where the shelf is located
The shopping center where the shop is located

Multiple approval policies can also be identified in this way.

An approval policy found by one of these methods is applied under the following conditions:

The approval policy is not assigned a role type.

- OR -
The assigned role type corresponds to the shelf role type.

If more than one effective approval policies are identified by the rules, the effective approval policy is determined by the following criteria (in the given order).

The approval policy has the highest priority (alphanumeric sequence).
The approval policy has the lowest number of approval steps.
The first approval policy found is taken.

Furthermore:

If no approval policy can be found for a product, a request cannot be started.

The same applies for renewals and unsubscriptions.
If no approver can be determined for one level of an approval policy, the request can be neither approved nor denied.
- Pending requests are rejected and closed.
- Unsubscriptions cannot be approved. Therefore, unsubscribed products remain assigned.
- Renewals cannot be approved. Therefore, products for renewal remain assigned until the valid until date is reached.

NOTE: If an approval workflow for pending requests changes, you must decide how to proceed with these requests. Configuration parameters are used to define the desired procedure.

For more information, see Changing approval workflows of pending requests.

Related topics

Approvers for renewals

Once the currently effective approval policy has been identified, the actual approvers are determined by the approval workflow specified by it. When requests are renewed, a renewal workflow is run. If no renewal workflow is stored with the approval policy, approvers are determined by the approval workflow.

If no approvers can be identified for a renewal, then the renewal is denied. The product remains assigned only until the Valid until date. The request is then canceled and the assignment is removed.

Related topics

Approvers for unsubscriptions

Once the currently effective approval policy has been identified, the actual approvers are determined by the approval workflow specified by it. When a product is unsubscribed, the cancellation workflow runs. If no unsubscribe workflow is stored with the approval policy, approvers are determined by the approval workflow.

If no approvers can be determined for an unsubscription, then the unsubscription is denied. The product remains assigned.

Related topics

Determining effective approval policies

Selecting responsible approvers

One Identity Manager can make approvals automatically in an approval process or through approvers. An approver is an identity or a group of identities who can grant or deny approval for a request (renewal or cancellation) within an approval process. It takes several approval procedures to grant or deny approval. You specify in the approval step which approval procedure should be used.

If several people are determined to be approvers by an approval procedure, the number given in the approval step specifies how many people must approve the step. Only then is the request presented to the approvers in the next approval level. The request is canceled if an approver cannot be found for an approval step.

One Identity Manager provides approval procedures by default. You can also define your own approval procedures.

The DBQueue Processor calculates which identity is authorized as an approver and in which approval level. The calculation is triggered by the IT Shop approver schedule. Take into account the special cases for each approval procedure when setting up the approval workflows to determine those authorized to grant approval.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択

© 2024 One Identity LLC. ALL RIGHTS RESERVED. 利用規約プライバシー Cookie Preference Center