サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Requestable products

Requestable products in the IT Shop are company resources such as target system groups, software, and non-IT resources after they have been assigned to a shelf. The following company resources can be assigned to shelves as requestable products.

Table 2: Requestable products

Company resource

Available in module

Documentation guide

Groups and system entitlements of custom target systems

Target System Base Module

One Identity Manager Target System Base Module Administration Guide

Active Directory groups

Active Directory Module

One Identity Manager Administration Guide for Connecting to Active Directory

SharePoint groups and SharePoint roles

SharePoint Module

One Identity Manager Administration Guide for Connecting to SharePoint

HCL Domino groups

Domino Module

One Identity Manager Administration Guide for Connecting to HCL Domino

LDAP groups

LDAP Module

One Identity Manager Administration Guide for Connecting to LDAP

SAP groups, SAP roles, and SAP profiles

SAP R/3 User Management Module

One Identity Manager Administration Guide for Connecting to SAP R/3

SAP structural profiles

SAP R/3 Structural Profiles Add-on Module

One Identity Manager Administration Guide for SAP R/3 Structural Profiles Add-on

SAP BI analysis authorizations

SAP R/3 Analysis Authorizations Add-on Module

One Identity Manager Administration Guide for SAP R/3 Analysis Authorizations Add-on

E-Business Suite permissions

Oracle E-Business Suite Module

One Identity Manager Administration Guide for Connecting to Oracle E-Business Suite

Azure Active Directory group, Azure Active Directory administrator roles, Azure Active Directory role assignments, Azure Active Directory role permissions

Azure Active Directory Module

One Identity Manager Administration Guide for Connecting to Azure Active Directory

Google Workspace groups, Google Workspace products and SKUs, Google Workspace Admin role assignments

Google Workspace Module

One Identity Manager Administration Guide for Connecting to Google Workspace

Cloud groups and system entitlements

Cloud Systems Management Module

One Identity Manager Administration Guide for Connecting to the Universal Cloud Interface

PAM user groups

Privileged Account Governance Module

One Identity Manager Administration Guide for Privileged Account Governance

OneLogin roles

OneLogin Module

One Identity Manager Administration Guide for Integration with OneLogin Cloud Directory

API key requirements, password requirements, remote desktop application requirements, remote desktop session requirements, SSH key requirements, SSH session requirements, and Telnet session requirements.

Privileged Account Governance Module

One Identity Manager Administration Guide for Privileged Account Governance

Resources

Identity Management Base Module

One Identity Manager Identity Management Base Module Administration Guide

Multi-request resources

Identity Management Base Module

One Identity Manager Identity Management Base Module Administration Guide

Account definitions

Target System Base Module

One Identity Manager Target System Base Module Administration Guide

System roles

System Roles Module

One Identity Manager System Roles Administration Guide

Subscribable reports

Report Subscription Module

One Identity Manager Report Subscriptions Administration Guide

Software

Software Management Module

One Identity Manager Software Management Administration Guide

Assignment resources

Identity Management Base Module

Business Roles Module

Use assignment resources to request any number of assignments to hierarchical roles or to delegate responsibilities through the IT Shop. One Identity Manager IT Shop Administration Guide, Assignment requests

Software and system roles can also be requested for workdesks. The request's UID_Workdesk is given as additional information here (PersonWantsOrg.UID_WorkdeskOrdered).

Multi-request resources

The IT Shop distinguishes between single or multiple requestable products. Single request products are, for example, software, system roles, or Active Directory groups. These products cannot be requested if they have already been be requested for the same time period.

Furthermore, there may be company resources that are needed more than once, consumables, for example. You can find company resources such as these mapped in One Identity Manager as Multi-request resource or Multi requestable/unsubscribable resources.

Table 3: Resource types

Type

Description

Table

Resources

Resources that an identity (workdesk, device) may own just once.

The resources can be requested in the IT Shop just once. The resources are assigned to the identities after approval has been granted. They remain assigned until the request is unsubscribed. You can request them again a later point.

Example: phone, company car.

QERResource

Multi-request resources

Resources that can be requested more than once in the IT Shop. Requests are automatically canceled once approved. The resources are not explicitly assigned to identities.

Example: resource for requesting remote desktop sessions for assets in a PAM system; consumables, such as pens, printing paper.

QERReuse

Multi requestable/unsubscribable resources

Resources that an identity can request more than once in the IT Shop but must return them explicitly once they are no longer needed. The resources are assigned to the identities after approval has been granted. They remain assigned until the request is canceled.

Example: printer, monitor, Azure Active Directory role assignment

QERReuseUS

To set up multi-request resources and add them as products in the IT Shop

  1. In the Manager, select the Entitlements > Multi-request resources for IT Shop category.

  1. Click in the result list.

  2. Edit the resource's main data.

  3. Save the changes.
  4. Select the Add to IT Shop task.

    In the Add assignments pane, assign a shelf.

    TIP: In the Remove assignments pane, you can remove shelf assignments.

    To remove an assignment

    • Select the shelf and double-click .

  5. Save the changes.

To set up multi requestable/unsubscribable resources and to add them as products to the IT Shop

  1. In the Manager, select the Entitlements > Multi requestable/unsubscribable resources for IT Shop category.

  1. Click in the result list.

  2. Edit the resource's main data.

  3. Save the changes.
  4. Select the Add to IT Shop task.

    In the Add assignments pane, assign a shelf.

    TIP: In the Remove assignments pane, you can remove shelf assignments.

    To remove an assignment

    • Select the shelf and double-click .

  5. Save the changes.

For more information about multi requestable products, see the One Identity Manager Identity Management Base Module Administration Guide.

Preparing products for requesting

Company resources have to fulfill at least the following prerequisites before you can request them in the Web Portal:

  • The company resource must be labeled with the IT Shop option.

  • A service item must be assigned to the company resource.

  • The company resource must be assigned to a shelf as a product.

  • If the company resource is only assigned to identities using IT Shop requests, the company resource must also be labeled with the Only use in IT Shop option. This means that the company resource cannot be directly assigned to roles outside the IT Shop.

The Entitlements category displays all company resources that can be requested using the IT Shop. This includes software, system entitlements, system roles, account definitions, resources, multi-request resources, and assignment resources if the corresponding modules are installed.

You can prepare the company resources for requesting in the IT Shop if you are an IT Shop administrator and have logged in as role-based. You can assign service items, edit the IT Shop and Only use in IT Shop options and assign the company resources to IT Shop shelves.

To prepare company resources for requesting

  1. In the Manager, select the Permissions category.

  2. Navigate to the results list and select the company resource you want.

  3. Select the Change main data task.

  4. Enable the IT Shop option.

  5. Assign a new service item in the Service item field.

    To add a new service item, click . Copy the name of the company resource as identifier for the service item. Enter the other properties on the service item main data form.

  6. Save the changes.
  7. Select the Add to IT Shop task.

  8. In the Add assignments pane, assign the company resource to shelves.

  9. Save the changes.

Customer keep their requested products on the shelf until they unsubscribe them. Sometimes, however, products are only required for a certain length of time and can be canceled automatically after this time. There are other settings required to provide limited period products.

Detailed information about this topic

Entering service items

In order to request company resources in the Web Portal, a service item must be assigned to them. Service items contain additional information about the company resources. For example, you can specify article numbers, request properties, product supervisors, or approvers for requests. A service catalog can be put together from the service items the Web Portal. These contain all the requestable products. You can use service categories, tags, and service item names to find the product in the service catalog.

To create or edit service categories

  1. In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > <service category> category.

    - OR -

    In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > Singles category.

  2. In the result list, select the product's service item and select the Change main data task.

    - OR -

    Click in the result list.

  3. Enter the service item's main data.

  4. Save the changes.
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択