Business partners
In One Identity Manager, you can enter the data for external businesses that could be act as manufacturers, suppliers, or partners. You assign a manufacturer to a service item.
To create or edit business partners
- In the Manager, select the Accounting > Basic configuration data > Business partners category.
-
In the result list, select a business partner and run the Change main data task.
- OR -
Click in the result list.
-
Edit the business partner's main data.
- Save the changes.
Enter the following data for a company.
Table 2: General main data of a company
Company |
Short description of the company for the views in One Identity Manager tools. |
Name |
Full company name. |
Surname prefix |
Additional company name. |
Short name |
Company's short name. |
Contact |
Contact person for the company. |
Partner |
Specifies whether this is a partner company. |
Customer number |
Customer number at the partner company. |
Supplier |
Specifies whether this is a supplier. |
Customer number |
Customers number at supplier. |
Leasing partner |
Specifies whether this is a leasing provider or rental firm. |
Manufacturer |
Specifies whether this is a manufacturer. |
Remarks |
Text field for additional explanation. |
Table 3: Company address
Street |
Street or road. |
Building |
Building |
Zip code |
Zip code. |
City |
City. |
State |
State. |
Country |
Country. |
Phone |
Company's telephone number. |
Fax |
Company's fax number. |
Email address |
Company's email address. |
Website |
Company's website. Click the button to display the web page in the default web browser. |
Functional areas
To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how many rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.
Moreover, functional areas can be replaced by peer group analysis during request approvals or attestation cases.
Example: Use of functional areas
To assess the risk of rule violations for service items. Proceed as follows:
-
Set up functional areas.
-
Assign service items to the functional areas.
-
Specify the number of rule violations allowed for the functional area.
-
Assign compliance rules required for the analysis to the functional area.
-
Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.
To create or edit a functional area
-
In the Manager, select the Accounting > Basic configuration data > Functional areas category.
-
In the result list, select a function area and run the Change main data task.
- OR -
Click in the result list.
-
Edit the function area main data.
- Save the changes.
Enter the following data for a functional area.
Table 4: Functional area properties
Functional area |
Description of the functional area |
Parent Functional area |
Parent functional area in a hierarchy.
Select a parent functional area from the list for organizing your functional areas hierarchically. |
Max. number of rule violations |
List of rule violation valid for this functional area. This value can be evaluated during the rule check.
NOTE: This property is available if the Compliance Rules Module is installed. |
Description |
Text field for additional explanation. |
For more information about peer group analysis, see the One Identity Manager IT Shop Administration Guide and the One Identity Manager Attestation Administration Guide.
Product owners
NOTE: This function is available if the QER | ITShop configuration parameter is set.
Identities who are approvers in approval processes for requesting service items can be assigned to these service items. To do this, assign a service item or a service category to an application role for Product owners. Assign identities to this application role who are authorized to edit service item or service category main data.
A default application role for product owners is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 5: Default application roles for product owners
Product owners |
Product owners must be assigned to the Request & Fulfillment | IT Shop | Product owners application role or a child application role.
Users with this application role:
NOTE: This application role is available if the QER | ITShop configuration parameter is set. |
To add identities to the default application role for product owners
-
In the Manager, select the Accounting > Basic configuration data > Product owners category.
-
Select the Assign identities task.
In the Add assignments pane, add identities.
TIP: In the Remove assignments pane, you can remove identity assignments.
To remove an assignment
- Save the changes.
To add another application role for product owners
-
In the Manager, select the Accounting > Basic configuration data > Product owners category.
-
Click in the result list.
-
Enter at least the application role's name and, in the Parent application role menu, select the Request & Fulfillment | IT Shop | Product owners application role or a child role.
- Save the changes.
-
Assign identities to the application role.
Related topics
Attestors
NOTE: This function is available if the Attestation Module is installed and the QER | ITShop configuration parameter is set.
In One Identity Manager, you can specify which identities are used as attestors for service items and service categories in attestation cases if the approval workflow is set up accordingly. To do this, assign a service item or a service category to an attestor's application role. Assign identities that are authorized to attest accounting data to this application role.
For more information about attestation, see the One Identity Manager Attestation Administration Guide.
A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 6: Default application roles for attestors
Attestors for IT Shop |
Attestors must be assigned to the Request & Fulfillment | IT Shop | Attestors application role.
Users with this application role:
-
Attest correct assignment of company resource to IT Shop structures for which they are responsible.
-
Attest objects that have service items assigned to them.
-
Can view main data for these IT Shop structures but not edit them.
NOTE: This application role is available if the Attestation Module is installed and the QER | ITShop configuration parameter is set. |
To add identities to default application roles for attestors
-
In the Manager, select the Accounting > Basic configuration data > Attestors category.
-
Select the Assign identities task.
In the Add assignments pane, add identities.
TIP: In the Remove assignments pane, you can remove identity assignments.
To remove an assignment
- Save the changes.
To add another application role for attestors
-
In the Manager, select the Accounting > Basic configuration data > Attestors category.
-
Click in the result list.
-
Enter at least the application role's name and, in the Parent application role menu, select the Request & Fulfillment | IT Shop | Attestor application role or a child role.
- Save the changes.
-
Assign identities to the application role.
Related topics