Chat now with support
Chat with Support

Identity Manager 8.2 - Web Designer Web Portal User Guide

General tips and getting started Security keys (WebAuthn) Requests
Requesting products Saved for Later list Request templates Pending requests Displaying request history Resubmitting requests Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing approvals Request inquiries Auditing requests Escalated requests
Attestation
Attestors for attestation cases Sending attestation reminders My attestation cases Pending attestations Displaying attestation history Attestation inquiries Auditing attestations Attestation – Administration Escalation
Compliance Responsibilities
My responsibilities
Specifying keywords for requestable products My departments My application roles My devices My business roles My identities My cost centers My multi-request resources My multi requestable/unsubscribable resources My resources My software applications My locations My system entitlements My system roles My assignment resources
Delegating tasks Ownerships Auditing
Auditing departments Auditing application roles Auditing devices Auditing business roles Auditing identities Auditing cost centers Auditing multi-request resources Auditing multi requestable/unsubscribable resources Auditing resources Auditing software Auditing locations Auditing system roles Auditing system entitlements Auditing assignment resources
Governance administration
Managing departments Managing business roles Managing identities Managing cost centers Managing multi-request resources Managing multi requestable/unsubscribable resources Managing resources Managing locations System entitlements Managing system roles Managing assignment resources
Applications Calls Discovering your statistics on the home page Appendix: Attestation conditions and approval policies from attestation procedures Appendix: Page and menu descriptions
Information (Menu description) My requests (Menu description) Profile (Menu description) Help (Menu description) Request (Menu description) Attestation (Menu description)
My attestation status (page description) My actions (page description)
Pending attestations (page description)
Pending attestations – Attestation policies (page description) Pending attestations: One Identity Manager application roles (page description) Pending attestations: Departments (page description) Pending attestations: System roles (page description) Pending attestations: Locations (page description) Pending attestations: Business roles (page description) Pending attestations: PAM assets (page description) Pending attestations: PAM user accounts (page description) Pending attestations: Employees (page description) Pending attestations: Cost centers (page description) Pending attestations: User accounts (page description) Pending attestations: System entitlements (page description) Pending attestations: Resources (page description) Pending attestations: Assignment resources (page description) Pending attestation: Multi-request resources (page description) Pending attestations: Software (page description) Pending attestations: Multi requestable/unsubscribable resources (page description) Pending attestations – approvals (page description)
Attestation history (page description) Attestation inquiries (page description)
Auditing (page description) Governance administration (page description) Attestation escalation approval (page description)
Compliance (Menu description) Responsibilities (Menu description)
My responsibilities (page description)
Identities (page description) System entitlements (page description) Business roles (page description) System roles (page description) Departments (page description) Cost centers (page description) Locations (page description) Application roles (page description) Resources (page description) Assignment resources (page description) Multi-request resources (page description) Software (page description) Multi requestable/unsubscribable resources (page description) Devices (page description)
Delegating tasks (page description) Ownerships (page description) Auditing (page description)
Auditing – Departments (page description) Auditing – Application roles (page description) Auditing – Device (page description) Auditing – Business roles (page description) Auditing – Identity details (page description) Auditing – Cost center (page description) Auditing – Multi-request resources (page description) Auditing – Multi requestable/unsubscribable resources (page description) Auditing - Resources (page description) Auditing – Software (page description) Auditing – Locations (page description) Auditing – System roles (page description) Auditing - Assignment resource (page description) Auditing – Active Directory (page description) Auditing – Azure Active Directory (page description) Auditing – Custom target system group (page description) Auditing – Google Workspace (page description) Auditing – Domino (page description) Auditing – LDAP (page description) Auditing – Oracle E-Business Suite (page description) Auditing – Privileged Account Management (page description) Auditing – SAP R/3 (page description) Auditing – Unix (page description)
Governance administration (page description)
Business roles (page description) Identities (page description) Multi-request resources (page description) Multi requestable/unsubscribable resources (page description) Organization (page description) Resources (page description) System entitlements (page description) System roles (page description) Assignment resources (page description)
Calls (Menu description)

Requesting for other identities or subidentities

You can make requests for other identities (such as department managers). You can only request products from the shops where the identity is a customer and for which you are responsible.

If you are logged in to the Web Portal with your main identity, you can trigger a request for yourself and for your subidentities at the same time. If you are logged in with your subidentity, you can only make requests for the current subidentity.

TIP: You can also request products for other identities directly from the shopping cart. For more information, see Requesting products in the shopping cart for multiple identities.

To request products for other identities

  1. In the menu bar, click Request > My Requests.

  2. On the My requests page, click Start a new request.

  3. On the Request page, click Change next to the Recipient field.

  4. In the Recipients dialog, click the identities in the list for which you would like to request products.

    NOTE: You can extend the identities list to show more information. To do this, click View settings > Additional columns and select the information you require from the dialog.

    The selected identities are listed under Selected.

    TIP: To remove an identity from the recipient list, click the respective identity under Selected.

  5. Click Close.

  6. Add the products to the shopping cart (see Adding products to the shopping cart) that you want to request for the selected identities.

    TIP: If you want to find out which products are already assigned to the selected recipients, on the Request page, click Actions > Check requests for this recipient.

  7. (Optional) Edit the shopping cart (see Managing products in the shopping cart).

  8. Submit the request (see Submitting requests).

Related topics

Requesting privileged access

You can use the Privileged access requests service category to request privileged access to high-security systems (Privileged Account Management system).

TIP: For more information on the topic of Privileged Account Management, see the One Identity Manager Administration Guide for Privileged Account Governance.

To request privileged access

  1. In the menu bar, click Request > My Requests.

  2. On the My requests page, click Start a new request.

  3. On the Request page, click Privileged access requests.

  4. On the Request page, select how you want to access the system by selecting the check box in front of the relevant option and clicking Add to shopping cart.

    • Password release request: Request a temporary password.

    • Remote desktop session request: Request temporary access through a remote desktop connection.

    • SSH key request: Request temporarily valid SSH key.

    • SSH session request: Request temporary access through an SSH session.

    • Telnet session requests: Request temporary access using a Telnet session.

  5. In the new dialog, next to PAM user account, click Assign/Change.

  6. In the PAM user account dialog, select the PAM user account that you want to use for PAM access.

  7. Next to System to access/Asset, click Assign.

  8. Depending on the type of access you have selected, perform one of the following actions:

    • Password release request: In the System to access window, in the table menu, select which access you want to request, either a PAM directory or a PAM Asset and then click the PAM directory or PAM asset in the list.

    • Telnet session request, remote desktop session request, SSH key request, or SSH session request: In the Asset dialog, click your PAM asset.

  9. In the dialog, next to Account to access, click Assign.

  10. In the Account to access dialog, select in the Table menu, select which access you want to request, either PAM directory account or a PAM Asset account.

  11. In the list, click on the relevant PAM asset account or PAM directory account.

  12. (Optional) In the Comment field, enter a comment, for example, to justify why you are requesting this access.

  13. In the Valid from field, specify the time from which you want the access to be valid or clear the check box so that access is valid from the time of this request.

    TIP: Use the icons next to the date field to select the date and time from the calendar or a list.

  14. In Checkout duration, enter the number of minutes for which the access is valid.

    NOTE: This duration refers to your entry in the Valid from field. For example, if you have specified that the access is valid from 12 noon tomorrow and should be valid for 60 minutes, then the validity period will expire at 1 pm tomorrow.

  15. Click Save.

  16. (Optional) Repeat the steps for all other users and access types.

  17. On the My Shopping Cart page, click Submit.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

    As soon as the request has been approved, a button is displayed in the request history details pane (see Displaying request history) (Request > My Requests > Request History) that you can use to log in to the Privileged Account Management system to get the login information.

Related topics

Requesting Starling 2FA tokens

The Starling Two-Factor Authentication is a multi-factor authentication and can be used when requesting products or approving attestations in the Web Portal. This reduces the risk of unauthorized persons requesting critical products or approving attestations in your name.

To use multi-factor authentication, you must have a Starling 2FA token. You can request this product in the Web Portal. The following data is required to request a Starling 2FA token:

  • Your mobile phone number
  • Your country of residence
  • Your default email address

You can enter this information under My profile > Personal data. For more information, see Changing my contact data.

To request a Starling 2FA token

NOTE: Each identity can request only one new Starling 2FA token. If your mobile phone number changes, you must unsubscribe your Starling 2FA token (see Unsubscribing products) and request it again.

  1. In the menu bar, click Request > My Requests.

  2. On the My requests page, click Start a new request.

  3. Click Access Lifecycle on the Request page.

  4. Click Add to the cart next to the product New Starling 2FA token.

  5. In the New Starling 2FA token dialog, check the mobile phone number and country code. If you have not saved a mobile phone number or the country in your profile, enter your mobile number in the Mobile phone field. Next to Country, click Assign and select a country.

  6. Click OK.

  7. On the My Shopping Cart page, click Submit.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

    The request is forwarded to your manager for approval. Once your manager has granted approval, you will receive a text message on your mobile phone with a link to a multi-factor authentication app.

  8. Install the app on your smartphone:

    1. Open the text message and click the link.

    2. Download the multi-factor authentication app to your smartphone.

    3. Open the app and enter your country code and the mobile phone number.

    4. Confirm the given data and enter your email address.

    5. Reconfirm and select whether to use telephone or text message contact.

      After successful installation, you will receive a registration code.

    You can now use the app for generating a security code.

Related topics

Requesting products that require multi-factor authentication

Multi-factor authentication can be used for specific security-critical requests. Depending on the configuration, either the requester, the order recipient, or the approver must authenticate themselves using an additional security code. Define which products require this authentication in your service items.

To use multi-factor authentication, you must have a Starling 2FA token. For more information, see Requesting Starling 2FA tokens.

To request a product that requires multi-factor authentication

  1. In the menu bar, click Request > My Requests.

  2. On the My requests page, click Start a new request.

  3. On the Request page, click a service category containing products that require multi-factor authentication.

  4. Place the products you want in the shopping cart (see Adding products to the shopping cart) and, if necessary, make further settings in the shopping cart (see Managing products in the shopping cart).

  5. On the My Shopping Cart page, click Submit.

  6. On the Terms of use page, enable the I have read and understood the terms of use option and click Accept.

    A few minutes may pass before you are prompted to enter a security code.

  7. Perform one of the following actions:

    • Click Authenticate with Starling 2FA app.

    • Click Send SMS or Phone call, enter the security code, and click Next.

    Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating