Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop
Putting the IT Shop into Operation
Requestable Products
Preparing Products for Requesting
Approval Processes for IT Shop Requests
Entering Service Items
Assigning and Removing Products
Preparing the IT Shop for Multi-factor Authentication
General Master Data for a Service Item
Pricing Information
Extended Master Data for a Service Item
Default Service Items
Additional Tasks for Managing Service Items
Entering Service Categories
Service Item Overview
Editing Product Dependencies for Requests
Assign Hierarchical Roles
Assign Function Areas
assign extended properties
Displaying Websites
Changing Products
Assign Tag
Assign Object Dependent References
Specifying Products Dependencies
Reports about Service Items
Service Category Master Data
Default Service Categories
Additional Tasks for Managing Service Categories
Entering Product Specific Request Properties
Products with a Limited Request Period
Product Request on Customer or Product Relocation
Non-Requestable Products
Entering Terms of Use
Entering Tags
Editing Table Properties
Preparing Starling 2FA Token Requests
Using Multi-Factoring for Requests
Requesting a Security Code
Assignment Requests and Delegating
Standard Products for Assignment Requests and Delegation
Requesting Single Business Roles
Customizing Assignment Requests
Preparing for Delegation
Notifying Delegates
Canceling Assignments and Delegations
Removing a Customer from a Shop
Setting up Assignment Resources
Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships
Creating Requests for Employees
Creating User Account Requests
Creating Requests for Workdesks
Creating Assignment Requests
Adding Groups Automatically to the IT Shop
Editing Approval Policies
Request Sequence
General Master Data for Approval Policies
Default Approval Policies
Additional Tasks for Approval Policies
Approval Workflows
Working with the Workflow Editor
Setting Up Approval Workflows
Additional Tasks for Approval Workflows
Deleting Approval Workflows
Default Approval Workflows
Determining Effective Approval Policies
Selecting Responsible Approvers
Default Approval Procedures
Request Risk Analysis
Testing Requests for Rule Compliance
Approving Requests from an Approver
Automatic Request Approval
Obtaining Other Information about Requests by an Approver
Appointing Other Approvers
Setting up an Approval Step
Approvers cannot be Established
Automatic Approval on Timeout
Abort Request on Timeout
Approval through Chief Approval Team
Approving Requests with Terms of Use
Using Default Approval Processes
Self-Service
Using IT Shop Structures to Find Approvers
Using the Request Recipient to find Approvers
Using a Specific Role to find Approvers
Using the Requested Product to Find Approvers
Using an Approval Role to Find Approvers
Using a Cost Center to Find Approvers
Using a Department to Find Approvers
Using a Requested Role to find Approvers
Deferred Request Approval
Calculated approval
Making External Approvals
Finding Requesters
Setting up Approval Procedures
Deleting Approval Procedures
Determining Approvers
Requests Overview
Multiple Requests for one Product
Requests with Limited Validity Period
Relocating a Customer or Product to another Shop
Requests for Employees
Request Change of Manager for an Employee
Canceling a Request
Notifications in the Request Process
Managing an IT Shop
Demands for Approval
Remind Approver
Scheduled Approval Demands
Limited Period Request Sequence
Request Granting or Denying Approval
Request Abort
Escalating a Request
Self-Service
Approval Rejection
Notifications with Questions
Request Approval through Additional Approvers
Unsubscribing an Approved Request
Product Change Notification
Default Mail Templates
Bulk Delegation Notifications
Approval by Mail
Requests with Limited Validity Period for Challenged Role Memberships
Requests from Permanently Disabled Employees
Deleting Requests
IT Shop Base Data
Default Solution for Requesting System Entitlements
Role Types
Processing status
Role Classes
Attestors
Product owners
Chief approval team
Business Partners
Functional areas
Standard Reasons
Setting up IT Shop Structures
General Master Data for a IT Shop Structure
User Defined Data for a IT Shop Structure
Additional Tasks for IT Shop Structures
Setting Up a Customer Node
General Master Data for a Customer Node
General Master Data for a Customer Node
Additional Tasks for Customer Nodes
Deleting IT Shop Structures
Templates for Automatically Filling the IT Shop
Implementing Shelf Templates in a IT Shop Solution
Editing Shelf Templates
Creating Custom Mail Templates for Notifications
General Master Data for a Shelf Template
User Defined Master Data for a Shelf Template
Additional Tasks for Shelf Templates
Assigning Shelf Templates to Shops and Shopping Center Templates
Deleting Shelf Templates
General Properties of a Mail Template
Creating and Editing an Email Definition
Custom Notification Processes
request templates
Adding an SharePoint Group
Adding an Active Directory Group
Modifying an Active Directory Group
Deleting an Active Directory Group
Requesting Groups Memberships
Error Handling
Appendix: Configuration Parameters for the IT Shop
Appendix: Request Statuses
Appendix: Example of Request Results
Relocating a Product to another Shelf
Setting up an IT Shop Solution > Assigning and Removing Products > Relocating a Product to another Shelf
Relocating a Product to another Shelf
A product can be moved to another shelf. If the shelf is in another shop, the system checks whether the request recipient is also a customer in the new shop.
To move a product to another shelf
|
|
NOTE: Standard products cannot be moved. |
- Select the category IT Shop | IT Shop | <shop> | Shelf: <shelf>.
- Select an object in the result list.
- Select Move to another shelf.... in the task view.
- Select the new shelf.
- Click OK.
Detailed information about this topic
Changing a Product
Changing a Product
A product can be replaced by another product at a specified time. All employees that have requested this product are notified by an email telling them to request a replacement product.
To replace a product with another one
- Select the category IT Shop | Service catalog | Hierarchical view | <service category>.
- OR -
Select the category IT Shop | Service catalog | Hierarchical view | Singles.
- Select the product's service item to replace in the result list.
- Select Change product... in the task view.
- Enter the date on which the product will be replaced by another one in Expiry date.
- Enter the service item that can be requested instead in Alternative product.
- Click OK.
Related Topics
Preparing the IT Shop for Multi-factor Authentication
Preparing the IT Shop for Multi-factor Authentication
| Configuration Parameter | Meaning |
|---|---|
| QER\Person\Defender | This configuration parameter specifies whether Starling Two-Factor Authentication is supported. |
|
QER\Person\Defender\ApiEndpoint |
This configuration parameter contains the URL of the Starling 2FA API end point used to register new users. |
| QER\Person\Defender\ApiKey | This configuration parameter contains your company's subscription key for accessing the Starling Two-Factor Authentication interface. |
You can set up additional authentication for particularly security critical resource requests, which requires every requester or approver to enter a security code for the request or request approval. Define which products require this authentication in your service items. Use One Identity Manager One Identity Starling Two-Factor Authentication for multi-factor authentication.
To be able to use multi-factor authentication
- Register your company in Starling Two-Factor Authentication.
For more detailed information, see the Starling Two-Factor Authentication documentation.
- Set the configuration parameter "QER\Person\Defender" in the Designer.
- Set the configuration parameter "QER\Person\Defender\ApiKey" and enter your company's subscription key as the value for accessing the Starling Two-Factor Authentication interface.
- Enable assigning by event for the table PersonHasQERResource. For more information, see Editing Table Properties.
- Enable the service item "New Manager token" in the Starling 2FA. For more information, see Preparing Starling 2FA Token Requests.
- Create service items for the product in the Manager, which can only be requested with multi-factor authentication.
- Set the option Approval by multi-factor authentication. For more information, see General Master Data for a Service Item.
TIP: Assign terms of use to the service item if the requester is also going to use multi-factor authentication. For more information, see Using Multi-Factoring for Requests.
If he user's telephone number has changed, cancel the current Starling 2FA token and request a new one. If the Starling 2FA token is no longer required, cancel it anyway.
|
|
IMPORTANT: An |
Related Topics
You can find detailed information about
- For requesting Starling 2FA tokens.
- Requesting products requiring multi-factor authentiation
- Canceling products
in the One Identity Manager Web Portal User Guide.
Editing Table Properties
Setting up an IT Shop Solution > Preparing the IT Shop for Multi-factor Authentication > Editing Table Properties
|
|
NOTE: If the option "Assign by event" is set, the process "HandleObjectComponent" is queued in the Job queue immediately after a resource is added to or removed from an employee. |
To enable assigning by event for a table
- Select the category One Identity Manager Schema in the Designer.
- Select the table PersonHasQERResource and start the Schema Editor from the task Show table definition.
- Select the view Table properties | Table and set the option Assign by event.
- Save the changes.
For more information about editing table definitions, see the One Identity Manager Configuration Guide.