지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager On Demand Hosted - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Requests from permanently inactive employees

By default, permanently deactivated employees remain members in all the customer nodes. This ensures that all pending request and resulting assignments are retained. One Identity Manager can be configured such that employees are automatically removed from all custom nodes once they are permanently deactivated. This means that all pending requests are broken off and remaining assignments are removed.

To remove employees from all customer nodes if they are permanently deactivated

  • In the Designer, set the QER | ITShop | AutoCloseInactivePerson configuration parameter.

Deleting requests

To limit request procedures in the One Identity Manager database, you can remove closed request procedures from the database. The request procedure properties are logged in the approval history at the same time. The requests are subsequently deleted. Only closed requests with unexpired retention periods are kept in the database.

If the request to be deleted still contains dependent requests, the request is only deleted after the dependent requests have been deleted. Dependent requests are requests that are entered into PersonWantsOrg.UID_PersonWantsOrgParent.

To delete requests automatically

  1. In the Designer, set the QER | ITShop | DeleteClosed configuration parameter.

    1. To delete canceled requests, set the QER | ITShop | DeleteClosed | Aborted configuration parameter and set the retention period in days.

    2. To delete denied requests, set the QER | ITShop | DeleteClosed | Dismissed configuration parameter and set the retention period in days.

    3. To delete canceled requests, set the QER | ITShop | DeleteClosed | Unsubscribed configuration parameter and specify its retention period in days.

  2. In the Designer, set the Common | ProcessState | PropertyLog configuration parameter and compile the database.

    If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

    This activates logging for deleted request procedures and their approval history. For more detailed information about logging data changes, see the One Identity Manager Configuration Guide.

    INFORMATION: Ensure that the recorded request procedures are archived for audit reasons. For more detailed information about the archiving process, see the One Identity Manager Data Archiving Administration Guide.

Closed requests are deleted by the DBQueue Processor once the request's retention period has expired. As the basis for calculating the retention period, the request's cancellation date is used. If this date cannot be given, the time at which the request was last changed, is used. The DBQueue Processor determines the requests to be deleted in the context of daily maintenance tasks. All request procedure properties are logged in the approval history.

Managing an IT Shop

Depending on your company structure, you can use the supplied default shop, Identity & Access Lifecycle, and extend it or set up your own IT Shop solution. Set up different IT Shop structures for your custom IT Shop solution. Specify which employees are authorized to make request in the shops.

To set up an IT Shop solution with the help of the IT Shop Wizard.

  • In the Manager, select the My One Identity Manager > IT Shop wizards > Create shop category.

    The wizard includes the most important configuration stages for setting up an IT Shop. After completing the wizard, there may be other configuration steps necessary.

IT Shop structures such as shopping centers, shops, and shelves are mapped in the IT Shop > IT Shop category. An IT Shop solution is displayed hierarchically.

The following sections describe the procedure for manually setting up an IT Shop.

IT Shop base data

Various base data is required to construct an IT Shop:

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택