Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager On Demand Hosted - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Removing products from shelves

There are different tasks available for removing a product from a shelf. In the following section, we take the example of a resource to show how to remove a product.

To remove a resource from the Identity Lifecycle shelf

  1. In the Manager, select the IT Shop > IT Shop > Identity & Access Lifecycle > Shelf: Identity Lifecycle category.

  2. Select the Assign resources task.

  3. Remove the resource from Remove assignments.

  4. Save the changes.

When you remove a product from a shelf, pending requests for the product are closed and approved requests are unsubscribed.

To remove a product from all shelves

  • Select the Remove from all shelves task.

    You will find the task on the main data form of the respective product, for example, a resource.

The task immediately removes product assignments to manually configured shelves and shelf templates. Then, the DBQueue Processor removes product assignments to shelves, based on a template definition. All assignments are unsubscribed if the product is part of an assignment request.

Information on bulk processing

If products are added in bulk to the IT Shop by automatic processes, you can specify how many product nodes are created in one DBQueue Processor run in the QER | ITShop | LimitOfNodeCheck configuration parameter. Once this number has been exceeded, the task is closed and queued again in the DBQueue for generating the rest of the product nodes. By default, 500 objects are processed in one run. The number of requests submitted in bulk can be considerably larger than other processes.

Set a lower value if performance issues arise when running the QER-K-OrgAutoChild process task.

Moving products to another shelf

A product can be moved to another shelf. If the shelf is in another shop, the system checks whether the request recipient is also a customer in the new shop.

NOTE: Standard products cannot be moved.

To move a product to another shelf

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Shelf: <shelf> category.

  2. Select an object in the result list.

  3. Select the Move to another shelf task.

  4. Select the new shelf.

  5. Click OK.
Detailed information about this topic

Replacing products

A product can be replaced by another product at a specified time. All employees who have requested this product are notified by an email telling them to request a replacement product.

To replace a product with another one

  1. In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > <service category> category.

    - OR -

    In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > Singles category.

  2. Select the product's service item to replace in the result list.

  3. Select the Change product task.

  4. Enter the following data:

    • Expiry date: Date on which the product is replaced by a different product.

    • Alternative product: Service item that can be requested instead.

  5. Click OK.
Related topics

Preparing the IT Shop for multi-factor authentication

You can use multi-factor authentication for specific security-critical resource requests, which requires every requester or approver to enter a security code for the request or request approval. Define which products require this authentication in your service items.

Use One Identity Manager One Identity Starling Two-Factor Authentication for multi-factor authentication. The authentication information required is defined in the subparameters under the QER | Person | Starling or the QER | Person | Defender configuration parameter. For detailed information about setting up multi-factor authentication, see the One Identity Manager Authorization and Authentication Guide.

To use multi-factor authentication in the IT Shop

  1. Set up multi-factor authentication as described in the One Identity Manager Authorization and Authentication Guide.

  2. In the Manager, create service items for the product that can only be requested with multi-factor authentication.

    • Enable the Approval by multi-factor authentication option.

    TIP: If the requester is also going to use multi-factor authentication, assign terms of use to the service item. For more information, see Using multi-factor authentication for requests.
IMPORTANT: An approval cannot be sent by email if multi-factor authentication is configured for the requested product. Approval mails for such requests produce an error message.

For more information about requesting products requiring multi-factor authentication and about canceling products, see the One Identity Manager Web Designer Web Portal User Guide.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating