Chat now with support
Chat with Support

Identity Manager On Demand Hosted - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Deleting approval workflows

The approval workflow can only be deleted if it is not assigned to an approval policy.

To delete an approval workflow

  1. Remove all assignments to approval policies.

    1. Check to which approval policies the approval workflow is assigned.

    2. Go to the main data form for the approval policy and assign a different approval workflow.

  2. In the Manager, select the IT Shop > Basic configuration data > Approval workflows category.

  3. Select an approval workflow in the result list.

  4. Click .

  5. Confirm the security prompt with Yes.
Detailed information about this topic

Default approval workflows

One Identity Manager provides approval workflows by default. These approval workflows are used in the Identity & Access Lifecycle shop approval processes. Each default approval workflow is linked to a default approval policy. You can edit different properties of the approval step, for example, to configure notifications in the request process.

To edit default approval workflows

  • In the Manager, select the IT Shop > Basic configuration data > Approval workflows > Predefined category.

Determining the effective approval policies

You can apply approval policies to different IT Shop structures and service items. If you have several approval policies within your IT Shop, which policy is to be used is based on the rules that are specified.

Effective approval policies are defined in the following way:

  1. The effective approval policy is the one assigned to the requested service item.

  2. If there is no approval policy assigned to the service item, the approval policy from the service category is used.

  3. If there is no approval policy assigned to the service item, the approval policy assigned to the requested product’s shelf is used.

  4. If there is no approval policy assigned to the shelf, one of the approval policies assigned to the shop is used.

  5. If there is no approval policy assigned to the shop, one of the approval policies assigned to the shopping center is used.

An approval policy found by one of these methods is applied under the following conditions:

  • The approval policy is not assigned a role type.

    - OR -

  • The assigned role type corresponds to the shelf role type.

If more several effective approval policies are identified by the rules, the effective approval policy is determined by the following criteria (in the given order).

  1. The approval policy has the highest priority (alphanumeric sequence).

  2. The approval policy has the lowest number of approval steps.

  3. The first approval policy found is taken.


  • If no approval policy can be found for a product, a request cannot be started.

    The same applies for renewals and unsubscriptions.

  • If no approver can be determined for one level of an approval policy, the request can be neither approved nor denied.

    • Pending requests are rejected and closed.

    • Unsubscriptions cannot be approved. Therefore, unsubscribed products remain assigned.

    • Renewals cannot be approved. Therefore, products for renewal remain assigned until the valid until date is reached.

NOTE: If an approval workflow for pending requests changes, you must decide how to proceed with these requests. Configuration parameters are used to define the desired procedure.

For more information, see Changing approval workflows of pending requests.

Related topics

Approvers for renewals

Once the currently effective approval policy has been identified, the actual approvers are determined by the approval workflow specified by it. When requests are renewed, a renewal workflow is run. If no renewal workflow is stored with the approval policy, approvers are determined by the approval workflow.

If no approvers can be identified for a renewal, then the renewal is denied. The product remains assigned only until the Valid until date. The request is then canceled and the assignment is removed.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating