
Identity Manager 9.2.1 - IT Shop Administration Guide


General main data of customer nodes

Enter the following main data of a customer node:

Table 70: General main data of a customer node

| Property | Description |
| --- | --- |
| IT Shop node | IT Shop structure name. |
| Internal name | Internal IT Shop structure name. |
| IT Shop information | Labels the IT Shop structure as customer node. In the menu, select Customers. The menu is only displayed when you insert a new IT Shop structure. |
| Role type | Not relevant |
| Shelf template | N/A. |
| Parent IT Shop node | Parent IT Shop nodes in the IT Shop hierarchy. Select the shop to which the customer node will be added. Only one customer node is allowed per shop. |
| Full name | Full identifier of the customer node. |
| Location | N/A. |
| Department | N/A. |
| Cost center | N/A. |
| Owner | N/A. |
| Deputy manager | N/A. |
| Attestors | N/A. |
| Description | Text field for additional explanation. |
| Dynamic roles not allowed | Specifies whether a dynamic role can be created for the customer node. |


Custom main data of customer nodes

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Assigning identities directly

Add an identity that is authorized to make requests for the shop to the customer node. You have two possible ways of doing this. Identities can be assigned to a customer node either directly or through a dynamic role.

IMPORTANT: If a shop contains a large number of customers, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server, as well.

Never assign more than 30,000 identities to a customer node.

To assign identities directly to a customer node

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Customers category or the IT Shop > IT Shop > <shopping center> > <shop> > Customers category.

  2. Select the Assign identities task.

    In the Add assignments pane, assign the identities authorized to make requests.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  3. Save the changes.

If an identity is removed from a customer node, all pending requests for this identity are canceled.


Assigning identities through dynamic roles

Add an identity that is authorized to make requests for the shop to the customer node. You have two possible ways of doing this. Identities can be assigned to a customer node either directly or through a dynamic role.

NOTE: Create dynamic role is only available for customer nodes that do not have Dynamic roles not allowed set.

IMPORTANT: If a shop contains a large number of customers, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server, as well.

Formulate the condition for the dynamic role so that no more than 30,000 identities are found.

To create a dynamic role

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Customers category or the IT Shop > IT Shop > <shopping center> > <shop> > Customers category.

  2. Select the Create dynamic role task.

  3. Enter the required main data.

  4. Save the changes.

To edit a dynamic role

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Customers category or the IT Shop > IT Shop > <shopping center> > <shop> > Customers category.

  2. Select the Entitled customers overview task.

  3. Select the Dynamic roles form element and click on the dynamic role.

  4. Select the Change main data task and edit the dynamic role's main data.

  5. Save the changes.

For more information about dynamic roles, see the One Identity Manager Identity Management Base Module Administration Guide. The following features apply to dynamic roles for customer nodes:

Table 71: Properties of a customer node dynamic role

| Property | Description |
| --- | --- |
| IT Shop node | This data is initialized with selected customer nodes. If the identities meet the dynamic role conditions, they are added to this customer node. |
| Object class | Employee |
| Dynamic role | The dynamic role name is made up of the object class and the full name of the IT Shop node by default. |
| Calculation schedule | Schedule for calculating dynamic roles. Identities with request permissions for the shop are determined regularly at the times specified in the schedule. |

In the default installation of One Identity Manager, the Dynamic roles check schedule is already defined. All dynamic role memberships are checked using this schedule and recalculation operations are sent to the DBQueue Processor if necessary. Use the Designer to customize schedules or set up new ones to meet your requirements. For more information, see the One Identity Manager Operational Guide.

To delete a dynamic role

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Customers category or the IT Shop > IT Shop > <shopping center> > <shop> > Customers category.

  2. Select the Entitled customers overview task.

  3. Select the Dynamic roles form element and click on the dynamic role.

  4. In the Manager's toolbar, click .

  5. Confirm the security prompt with Yes.