Identity Manager 9.2.1 - IT Shop Administration Guide


Chief approval team

Sometimes, approval decisions cannot be made for requests because the approver is not available or does not have access to One Identity Manager tools. To complete these requests, you can define a chief approval team whose members are authorized to intervene in the approval process at any time.

There is a default application role in One Identity Manager for the chief approval team. Assign this application role to all identities who are authorized to approve, deny, or cancel requests in special cases, or to authorize other approvers. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 66: Default application role for chief approval team

User: Chief approval team

Tasks: Chief approvers must be assigned to the Request & Fulfillment | IT Shop | Chief approval team application role.

Users with this application role:

  • Approve requests.
  • Assign requests to other approvers.

To add members to the chief approval team

  1. In the Manager, select the IT Shop > Basic configuration data > Chief approval team category.

  2. Select the Assign identities task.

    In the Add assignments pane, assign the identities who are authorized to approve all requests.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  3. Save the changes.

Product owners

Identities who act as approvers in approval processes for service item requests can be assigned to those service items. To do this, assign a service item or a service category to an application role for Product owners. To this application role, assign the identities who are authorized to approve requests in the IT Shop and to edit service item or service category main data.

A default application role for product owners is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 67: Default application roles for product owners

User: Product owners

Tasks: Product owners must be assigned to the Request & Fulfillment | IT Shop | Product owners application role or a child application role.

Users with this application role:

  • Approve requests.
  • Edit service items and service categories under their management.

To add identities to the default application role for product owners

  1. In the Manager, select the IT Shop > Basic configuration data > Product owners category.

  2. Select the Assign identities task.

    In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove identity assignments.

    To remove an assignment

    • Select the identity and double-click .

  3. Save the changes.

To add another application role for product owners

  1. In the Manager, select the IT Shop > Basic configuration data > Product owners category.

  2. Click in the result list.

  3. Enter at least the application role's name and, in the Parent application role menu, select the Request & Fulfillment | IT Shop | Product owners application role or a child role.

  4. Save the changes.
  5. Assign identities to the application role.


Attestors

NOTE: This function is only available if the Attestation Module is installed.

In One Identity Manager, you can assign attestors to IT Shop structures (shelves, shops, shopping centers, service categories, and shelf templates). These identities are then brought in to attest those objects. To do this, assign the IT Shop structures to application roles for attestors. Assign these application roles to identities that are authorized to attest these objects and their assignments.

For more information about attestation, see the One Identity Manager Attestation Administration Guide.

A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 68: Default application roles for attestors

User: Attestors for IT Shop

Tasks: Attestors must be assigned to the Request & Fulfillment | IT Shop | Attestors application role.

Users with this application role:

  • Attest correct assignment of company resources to IT Shop structures for which they are responsible.
  • Attest objects that have service items assigned to them.
  • Can view main data for these IT Shop structures but not edit them.

NOTE: This application role is available if the Attestation Module is installed.

To add identities to default application roles for attestors

  1. In the Manager, select the IT Shop > Basic configuration data > Attestors category.

  2. Select the Assign identities task.

    In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove identity assignments.

    To remove an assignment

    • Select the identity and double-click .

  3. Save the changes.

To add another application role for attestors

  1. In the Manager, select the IT Shop > Basic configuration data > Attestors category.

  2. Click in the result list.

  3. Enter at least the application role's name and, in the Parent application role menu, select the Request & Fulfillment | IT Shop | Attestors application role or a child role.

  4. Save the changes.
  5. Assign identities to the application role.


Setting up IT Shop structures

Depending on the company structure, you can optionally define shopping centers for your IT Shop solution where several shops can be brought together under one roof. Always add the shopping center to the top level of the IT Shop. Shopping centers may not be hierarchical.

Each shop contains a number of shelves that the customer can request products from. You can add a shop to the top level of the IT Shop or under a shopping center. Shops may not be hierarchical.

There are various products available for request on shelves. Shelves are set up under each shop.

IMPORTANT: If a shop contains a large number of customers, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server, as well.

Structure the IT Shop so that no more than 30,000 customers can make requests in each shop. If necessary, set up your own shopping center with several shops and customer nodes.
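
The placement and sizing rules above can be checked against a planned layout before it is built in the Manager. The following Python sketch is an added example, not One Identity code: the Node type, the kind names, and the sample plan are hypothetical, and only the nesting rules and the 30,000-customer limit come from this guide.

```python
from dataclasses import dataclass
from typing import Optional

MAX_CUSTOMERS_PER_SHOP = 30_000  # limit stated in the guide

# Allowed parent kinds per node kind; None means the top level of the IT Shop.
ALLOWED_PARENTS = {
    "shopping_center": {None},           # top level only, never nested
    "shop": {None, "shopping_center"},   # top level or under a shopping center
    "shelf": {"shop"},                   # always under a shop
}

@dataclass(frozen=True)
class Node:  # hypothetical planning record, not a One Identity Manager object
    name: str
    kind: str
    parent: Optional[str] = None
    customers: int = 0  # planned customer count, evaluated for shops only

def validate_plan(nodes):
    """Return a sorted list of rule violations for a planned IT Shop layout."""
    by_name = {n.name: n for n in nodes}
    problems = []
    for n in nodes:
        if n.kind not in ALLOWED_PARENTS:
            problems.append(f"{n.name}: unknown kind '{n.kind}'")
            continue
        if n.parent is not None and n.parent not in by_name:
            problems.append(f"{n.name}: parent '{n.parent}' is not in the plan")
            continue
        parent_kind = by_name[n.parent].kind if n.parent is not None else None
        if parent_kind not in ALLOWED_PARENTS[n.kind]:
            where = f"under {parent_kind} '{n.parent}'" if parent_kind else "at the top level"
            problems.append(f"{n.name}: {n.kind} may not be placed {where}")
        if n.kind == "shop" and n.customers > MAX_CUSTOMERS_PER_SHOP:
            problems.append(f"{n.name}: {n.customers} customers exceeds {MAX_CUSTOMERS_PER_SHOP}")
    return sorted(problems)

# Constructed sample plan (not from the guide).
SAMPLE_PLAN = [
    Node("EMEA", "shopping_center"),
    Node("EMEA-Sub", "shopping_center", parent="EMEA"),     # nested shopping center
    Node("Berlin", "shop", parent="EMEA", customers=12_000),
    Node("Global", "shop", customers=45_000),                # too many customers
    Node("Berlin-Branch", "shop", parent="Berlin"),          # nested shop
    Node("Software", "shelf", parent="Berlin"),
    Node("Orphan", "shelf"),                                 # shelf outside a shop
]

if __name__ == "__main__":
    for problem in validate_plan(SAMPLE_PLAN):
        print(problem)
```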
