Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Add Assignment Resources to IT Shop

Add Assignment Resources to IT Shop

An assignment resource can be requested by shop customers when it is assigned to an IT Shop shelf.

To add a resource assignment to the IT Shop

  1. Select the category Entitlements | Assignment resource for IT Shop.
  2. Select the assignment resource in the result list.
  3. Select Add to IT Shop in the task view.
  4. Assign the assignment resource to the IT Shop shelf in Add assignments.
  5. Save the changes.

To remove an assignment resource from all IT Shop shelves.

  1. Select the category Entitlements | Assignment resource for IT Shop.
  2. Select the assignment resource in the result list.
  3. Select Add to IT Shop in the task view.
  4. Remove the assignment resource to the IT Shop shelf from Remove assignments.
  5. Save the changes.

To remove an assignment resource from all IT Shop shelves.

  1. Select the category Entitlements | Assignment resource for IT Shop.
  2. Select the assignment resource in the result list.
  3. Select Remove from all shelves (IT Shop) in the task view.
  4. Confirm the security prompt with Yes.
  5. Click OK.

    The assignment resource is removed from all shelves by the One Identity Manager Service. All assignment requests with this assignment resource are canceled in the process.

Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships

Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships

You can create IT Shop requests for existing user accounts, membership in system entitlements, assignments to employees and hierarchical roles when One Identity Manager goes into operation. One Identity Manager provides several methods to implement this. Using these methods, requests are created that are completed and approved. These request can therefore be canceled at a later date. In addition to the initial request data, you can run a custom script from each method that sets other custom properties for a request.

Table 27: Methods for Transforming Direct Assignments into Requests
Method Description
CreateITShopOrder (string CustomScriptName) Creates a request from a direct assignment. This method can be applied to all tables used to find a UID_Person.
CreateITShopOrder (string uidOrgProduct, string uidPersonOrdered, string CustomScriptName) Creates an assignment request from an assignment or membership. This method can be applied to all tables which cannot be used to find a UID_Person.
CreateITShopOrder (string uidOrgProduct, string uidWorkdeskOrdered, string uidPersonOrdered, string CustomScriptName)

Creates an assignment request from an assignment or membership and, in addition, saves a UID_WorkdeskOrdered with the request procedure.

CreateITShopWorkdeskOrder (string uidPerson, string CustomScriptName) Creates a request for a workdesk from a direct assignment. This method can be applied to the tables WorkDeskHasApp, WorkDeskHasESet and WorkDeskHasDriver.

To run the methods

  1. Create a script in the Designer with the Script Editor to call the desired method.

    You can find an example script for calling a Customizer method in VB syntax on the One Identity Manager installation medium in directory ..\Modules\QBM\AddOn\SDK\ScriptSamples\03 Using database objects\11 Call database object methods.vb. You can use this example script as a template to create a script for call the methods described here.

  2. Run the script.

    You can use the script test from the Script Editor to do this.

For more information about creating scripts, see the One Identity Manager Configuration Guide.

Creating Requests for Employees

Creating Requests for Employees

You can create requests for employees or memberships in system entitlements with the method CreateITShopOrder (string CustomScriptName). Prepare the IT Shop correspondingly in order to create the requests.

To create requests from direct assignments to employees or memberships in system entitlements

  1. Prepare the company resources or system entitlements for use in the IT Shop.
  2. Assign the company resources or system entitlements to a shelf in the IT Shop.
  3. Link each user account for whose memberships requests are to be created, with an employee.
  4. Add employee as customers to shops to which the company resources or system entitlements are assigned as products.
  5. Optional: Create a script that populates other properties of the requests.
    • Pass the script name as a parameter to the method CustomScriptName.
  6. Create a script to run the method CreateITShopOrder (string CustomScriptName) for the affected tables.

To create One Identity Manager requests from direct assignments to employees

  1. Determine employees and their assigned company resources.
  2. Determine shops assigned to company resources and employees.
  1. Create the requests with initial data.
  2. Execute custom scripts.
  3. Save the requests (entry in table PersonWantsOrg).
  1. Assign employees to the product structure (entry in table PersonInITShopOrg).
  2. Transform direct company resource assignments into indirect assignments to employees (for example, in the table PersonHasQERResource).

This is how the One Identity Manager creates requests for system entitlements memberships:

  1. Establish the user accounts and their memberships.
  2. Determine the affected employees.
  3. Determine the shops to which employees and the system entitlements are assigned.
  1. Create the requests with initial data.
  2. Execute custom scripts.
  3. Save the requests (entry in table PersonWantsOrg).
  1. Assign employees to the product structure (entry in table PersonInITShopOrg).
  2. Transform direct company memberships into indirect memberships for affected user accounts (for example, in the table ADSAccountInADSGroup).
Related Topics

Creating User Account Requests

Creating User Account Requests

To assign user accounts to employees, use One Identity Manager account definitions. You can request matching account definitions for existing user accounts linked to the employees through the IT Shop. To create these requests, you can use the method CreateITShopOrder (string CustomScriptName). This method can be used for all user account tables (for example, ADSAccount or SAPUser) and for the tables ADSContact, EX0MailBox, EX0MailContact and EX0MailUser.

Prepare the IT Shop correspondingly in order to create the requests.

To create requests for user accounts

  1. Create an account definition for the target system. Assign the account definition to the target system.
  2. Prepare the account definition for use in the IT Shop.
  3. Assign the account definition to a shelf in the IT Shop.
  4. Link the user account to an employee.
  5. Add employee as customers to shops to which the account definition is assigned as product.
  6. Optional: Create a script that populates other properties of the requests.
    • Pass the script name as a parameter to the method CustomScriptName.
  7. Create a script, which runs the method for the tables affected.

To create One Identity Manager request for user accounts

  1. Determine the valid account definition.
  2. Determine the affected employees.
  3. Determine the shops to which employees and the account definition are assigned.
  1. Create the requests with initial data.
  2. Execute custom scripts.
  3. Save the requests (entry in table PersonWantsOrg).
  1. Assign employees to the product structure (entry in table PersonInITShopOrg).
  2. Transform any possible direct account definition assignments to indirect assignments (entry in table PersonHasTSBAccountDef).
Related Topics
Related Documents