Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Setting up an Approval Step

Setting up an Approval Step

The following data is requires for an approval step. If you add a new approval step, you must fill out the compulsory fields.

Table 34: Setting up an Approval Step
Property Meaning

Single step

Approval step name.

Approval Procedure

Procedure to use for determining approvers.

Processing status

Processing status of the success or failure case of the approval step. The processing status for the request is set corresponding to the decision and whether it has been made positively or negatively.

Mail templates

Mail template that is used for email notifications for granting or denying approval, escalation, abort, rejection or delegation of a request as well as a reminder.

Relevance for compliance

Specifies whether the approver is notified when a rule violation is caused by a request. The following values are permitted:

Table 35: Permitted Values for Relevance
Value Description
Not relevant Information about rule violations is not relevant for approvers of this approval step. No additional information is displayed for the approver in the approval process.
Information Approvers for this approval step receive information in this approval process when a compliance rule violation occurs. The approvers decided whether to grant or deny the request.
Necessary Action Approvers for this approval step receive information in this approval process when a compliance rule violation occurs. The request is automatically denied.

Condition

Condition for calculating approval with approval procedures CD, EX or WC.

Comparison value for the risk index in the approval procedure RI. Enter a number in the range 0.1 to 1.0. You can use ',' or '.' as a decimal point

Role

Hierarchical roles for determining the approver with default approval procedures "OM" and "OR".

Number of approvers

Number of approval required to approve a request. Use this number to further restrict the maximum number of approvers of the implemented approval procedure.

If there are several people allocated as approvers, then this number specifies how many people from this group have to approve a request. A request can only be passed up to next level when this has been done.

If not enough approvers can be found, the approval step is presented to the fallback approvers. The approval step is considered approved the moment one fallback approver has approved the request.

Enter the value -1 if approval decisions should be made for all the employees found using the applied approval procedure, for example all members of a role (default approval procedure "OR"). This overrides the maximum number of approvers defined in the approval procedure.

The number of approvers defined in an approval step is not taken into account in the approval procedures CD, EX or WC.

Description

Spare text box for additional explanation.

Fallback approver

Applications role whose members are authorized to approve requests if an approver cannot be determined through the approval procedure. Assign an application from the menu.

To create a new application role, click . Enter the application role name and assign a parent application role. For more information, see the One Identity Manager Application Roles Administration Guide.

NOTE: The number of approvers is not applied to the fallback approvers. The approval step is considered approved the moment one fallback approver has approved the request.

Reminder interval (hours)

Number of working hours to elapse after which the approver is notified by mail that there are still pending requests for approval.

NOTE: Ensure that a state and/or county is entered into the employee‘s master data for determining the correct working hours.

TimeOut (working hours)

Number of working hours to elapse after which the approval step is automatically granted or denied approval.

The approvers work time applies to the time calculation.

NOTE: Ensure that a state and/or county is entered into the employee‘s master data for determining the correct working hours.

Timeout behavior

Action, which is executed if the timeout expires.

Table 36: Possible Timeout Behavior
Method Description

Approval

The request is granted approval in this approval step. The next approval step is called.

Deny

The request is denied approval in this approval step. The next approval step is called.

Escalation

The request process is escalated. The escalation approval step is called.

Abort

The approval, and therefore the entire approval process for the request, is aborted.

Additional approver possible

Specifies whether a current approver is allowed to instruct another employee to be an approver. This additional approver is authorized to make approvals for the current request in parallel. The approval is not passed on to the next approval level until both approvers have made a decision.

This option can only be set for approval levels with a single, manual approval step.

Approval can be delegated

Specifies whether the current request approval approver can delegate to another employee. This employee is added to the current approval step as approver. The employee makes the approval decision instead of the approver who made the delegation.

This option can only be set for approval levels with a single, manual approval step.

Do not show in approval history

Specifies whether the approval history is visible or not. This behavior can be applied to approval steps with approval procedure "CD - calculated approval", for example, steps are only used for branching in the approval workflow. This makes it easier to follow the approval history.

No automatic approval

Specifies whether the approval step approval is decided manually. Automatic approval of multiple steps is no longer carried out.

Detailed information about this topic
Related Topics

Connecting Approval Levels

Connecting Approval Levels

When you set up an approval workflow with several approval levels, you have to connect each level with another. You may create the following links:

Table 37: Links to Approval Levels
Link Description
Approval Link to next approval level if the current approval level was granted approval.
Deny Link to next approval level if the current approval level was not granted approval.
Reroute Link to another approval level to by-pass the current approval.

Approvers can pass the approval decision through another approval level, for example, if approval is required by a manager in an individual case. To do this, create a connection to the approval level to which the approval can be rerouted. This way approvals can also be rerouted to a previous approval level, for example, if an approval decision is considered not to be well founded.

It is not possible to reroute approval steps with the approval methods "OC", "OH", "EX", "CR", "CD", "SB" or "WC".

Escalation Link to another approval level when the current approval level is escalated after timing out.

If there are no further approval levels after the current one, then the request is considered approved if the approval decision was to grant approval. If the approval is not granted, the request is finally denied. The approval method is closed in both cases.

Additional Tasks for Approval Workflows

After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.

The Approval Workflow Overview

The Approval Workflow Overview

To obtain an overview of an approval workflow

  1. Select the category IT Shop | Basic configuration data | Approval workflows.
  2. Select the approval workflow in the result list.
  3. Select Approval workflow overview in the task view.
Related Documents