Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Relocating a Product to another Shelf

Relocating a Product to another Shelf

A product can be moved to another shelf. If the shelf is in another shop, the system checks whether the request recipient is also a customer in the new shop.

To move a product to another shelf

NOTE: Standard products cannot be moved.
  1. Select the category IT Shop | IT Shop | <shop> | Shelf: <shelf>.
  2. Select an object in the result list.
  3. Select Move to another shelf.... in the task view.
  4. Select the new shelf.
  5. Click OK.
Detailed information about this topic

Changing a Product

Changing a Product

A product can be replaced by another product at a specified time. All employees that have requested this product are notified by an email telling them to request a replacement product.

To replace a product with another one

  1. Select the category IT Shop | Service catalog | Hierarchical view | <service category>.

    - OR -

    Select the category IT Shop | Service catalog | Hierarchical view | Singles.

  2. Select the product's service item to replace in the result list.
  3. Select Change product... in the task view.
  4. Enter the date on which the product will be replaced by another one in Expiry date.
  5. Enter the service item that can be requested instead in Alternative product.
  6. Click OK.
Related Topics

Preparing the IT Shop for Multi-factor Authentication

Preparing the IT Shop for Multi-factor Authentication

Table 19: Multi-factor Authentication Configuration Parameters
Configuration Parameter Meaning
QER\Person\Defender This configuration parameter specifies whether Starling Two-Factor Authentication is supported.

QER\Person\Defender\ApiEndpoint

This configuration parameter contains the URL of the Starling 2FA API end point used to register new users.

QER\Person\Defender\ApiKey This configuration parameter contains your company's subscription key for accessing the Starling Two-Factor Authentication interface.

You can set up additional authentication for particularly security critical resource requests, which requires every requester or approver to enter a security code for the request or request approval. Define which products require this authentication in your service items. Use One Identity Manager One Identity Starling Two-Factor Authentication for multi-factor authentication.

To be able to use multi-factor authentication

  1. Register your company in Starling Two-Factor Authentication.

    For more detailed information, see the Starling Two-Factor Authentication documentation.

  2. Set the configuration parameter "QER\Person\Defender" in the Designer.
    • Set the configuration parameter "QER\Person\Defender\ApiKey" and enter your company's subscription key as the value for accessing the Starling Two-Factor Authentication interface.
  3. Enable assigning by event for the table PersonHasQERResource. For more information, see Editing Table Properties.
  4. Enable the service item "New Manager token" in the Starling 2FA. For more information, see Preparing Starling 2FA Token Requests.
  5. Create service items for the product in the Manager, which can only be requested with multi-factor authentication.

    TIP: Assign terms of use to the service item if the requester is also going to use multi-factor authentication. For more information, see Using Multi-Factoring for Requests.

If he user's telephone number has changed, cancel the current Starling 2FA token and request a new one. If the Starling 2FA token is no longer required, cancel it anyway.

IMPORTANT: An approval is not possible by email, if multi-factor authorization is configured for the requested product. Approval emails for such requests produce an error message.
Related Topics

You can find detailed information about

  • For requesting Starling 2FA tokens.
  • Requesting products requiring multi-factor authentiation
  • Canceling products

in the One Identity Manager Web Portal User Guide.

Editing Table Properties

NOTE: If the option "Assign by event" is set, the process "HandleObjectComponent" is queued in the Job queue immediately after a resource is added to or removed from an employee.

To enable assigning by event for a table

  1. Select the category One Identity Manager Schema in the Designer.
  2. Select the table PersonHasQERResource and start the Schema Editor from the task Show table definition.
  3. Select the view Table properties | Table and set the option Assign by event.
  4. Save the changes.

For more information about editing table definitions, see the One Identity Manager Configuration Guide.

Related Documents