Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Notifying Delegates

Notifying Delegates

A delegator can, if required, receive notifications if the recipient of the delegation has made an approval decision in the IT Shop. Notification is sent once an employee has been determined as an approver due to delegation and has made an approval decision for the request.

Delegations are taken into account in the following default approval procedures.

Table 25: Delegation Relevant Default Approval Procedures
Delegation of Approval Procedures
Department responsibilities D0, D1, D2, DM, DP
Cost center responsibilities P0, P1, P2, PM, PP
Location responsibilities None
Business role responsibilities OM
Employee responsibilities CM
IT Shop structure responsibilities H0, H1, H2
Memberships in business roles OR
Memberships in application roles DI, DR, ID, IL, IO, IP, OA, OC, OH, PI, PR, RD, RL, RO, RP, TO
Example

Jon Blogs is responsible for the business role R1. He delegates his responsibility for the business role to Clara Harris. Clara Harris is herself responsible for business role R2.

A member of the business role R1 orders a product in IT Shop. Jon Blogs is established as approver through the approval procedure "OM - Manager of a specific role" in the approval process. The request is assigned to Clara Harris for approval through delegation. Jon Blogs is notified as soon as Clara Harris has made her approval decision.

A member of the business role R2 orders a product in the IT Shop. Clara Harris is established as approver through the approval procedure "OM - Manager of a specific role" in the approval process. No notification is sent because Clara Harris does not make the approval decision due to delegation.

Bulk delegation

You have the option to delegate all your responsibilities to one person in the Web Portal. If you have a lot of responsibilities, it is possible that not all the delegations are carried out. A delegators can send a notification to themselves if an error occurs.

Detailed information about this topic
Related Topics

Canceling Assignments and Delegations

Canceling Assignments and Delegations

Assignments and delegations can, like all other products, be canceled through the Web Portal. You should limit the delegation time period when you make the request. These requests are automatically canceled when the validity period expires.

Detailed information about this topic

Removing a Customer from a Shop

If a customer has requested assignments through a shop or has delegated role memberships and is removed from the shop at a later date, the assignment request is closed and the assignments revoked or delegation ended. In this case however, assignments to roles should be retained if required.

To prevent the assignment being revoked

  1. Select the category Entitlements | Assignment resource for IT Shop.
  2. Select the assignment resource in the result list.
  3. Select Change master data in the task view.
  4. Set Keeps requested assignment resource.
  5. Save the changes.

If this option is set, requested role assignments are converted into direct assignments if the request recipient is removed from the customer node. The direct assignment can be deleted in the Web Portal by the role manager.

This option is set by default on the default assignment resource "Role entitlement assignments".

NOTE: This option does not influence membership requests in roles or delegation.

Membership assignments are not removed, if the requester is removed from the customer node. They are removed when the recipient of the assignment request is deleted from the customer node.

Delegations are ended when the delegate is deleted from the customer node.

Related Topics

Setting up Assignment Resources

To edit default assignment resources

  1. Select the category Entitlements | Assignment resource for IT Shop.
  2. Select the assignment resource in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the assignment resource's master data.
  4. Save the changes.
Related Documents