Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Selecting Responsible Approvers

Selecting Responsible Approvers

One Identity Manager can make approvals automatically in an approval process or through approvers. An approver is an employee or a group of employees who can grant or deny approval for a request (renewal or cancellation) within an approval process. It takes several approval procedures to grant or deny approval. You specify in the approval step which approval procedure should be used.

If there are several people are determined as approvers by an approval procedure, the number given in the approval step specifies how many people must approve the step. The request can only be passed onto approvers in next level when this has been done. If an approver cannot be found for an approval step, the request is aborted.

One Identity Manager provides approval procedures by default. You can also define your own approval procedures.

The DBQueue Processor calculates which person has the authority to grant approval at which level. Take into account the special cases for each approval procedure when setting up the approval workflows to determine those authorized to grant approval.

Default Approval Procedures

The following approval procedures are defined to select the responsible approvers by default.

Table 38: Approval Procedures for IT Shop Requests
Approval Procedure Approval Procedure Name Responsible Approvers
BR Back to recipient Employee to receive the request
BS Back to requester Employee who made the request
CD Calculated approval -
CM Recipient's manager Managers
CR Compliance risk analysis -
D0 Manager of shelf's department Manager and deputy manager
D1 Manager of shop's department Manager and deputy manager
D2 Manager of shopping center's department Manager and deputy manager
DI Named IT approvers of department provided in request All members of the assigned application role
DM Manager of recipient's department Manager and deputy manager
DP Manager of department provided in request Manager and deputy manager
DR Named approvers of department provided in request All members of the assigned application role
EX Making External Approvals -
H0 Shelf owner Owner and deputy
H1 Shop owner Owner and deputy
H2 Shopping center owner Owner and deputy
ID Named IT approvers of recipient's department All members of the assigned application role
IL Named IT approvers of recipient's location All members of the assigned application role
IO named IT approvers of recipient's primary role All members of the assigned application role
IP Named IT approvers of recipient's cost center All members of the assigned application role
MS Manager of the requested business role or organization Manager and deputy of the business role, department, cost center or location requested by request assignment.
OA Product owners All members of the assigned application role
OC Exception approvers for violated rules All members of the assigned application role
OH Exception approver for worst rule violation All members of the assigned application role
OM Specific role Manager Manager of the role selected in the approval workflow.
OR Members of a certain role All employees that are assigned to a secondary business role.
P0 Manager of shelf's cost center Manager and deputy manager
P1 Manager of shop's cost center Manager and deputy manager
P2 Manager of shopping center's cost center Manager and deputy manager
PA Additional owner of Active Directory group All employee to be found through the additional owner of the requested Active Directory group.
PI Named IT approvers of cost center provided in request All members of the assigned application role
PM Manager of recipient's cost center Manager and deputy manager
PP Manager of cost center provided in request Manager and deputy manager
PR Named approvers of cost center provided in request All members of the assigned application role
RD Named approvers of cost center provided in request All members of the assigned application role
RI Employee's risk index -
RL Named approvers of recipient's location All members of the assigned application role
RO Named approvers of recipient's primary role All members of the assigned application role
RP Named approvers of recipient's cost center All members of the assigned application role
SB Self-Service -
TO Target system manager of the requested system entitlement All members of the assigned application role
WC Waiting for further approval -

Self-Service

Self-Service

Use the approval procedure "SB" (self-service) to approve requests automatically. You do not have to specify approvers for this approval procedure. A self-service request is always granted approval. Always define an approval workflow with the approval procedure "SB" as a one-step workflow. That means, you cannot set up more approval steps in addition to a self-service approval step.

The approval workflow and the approval policy are available by default and assigned to the shop "Identity & Access Lifecycle".

Using IT Shop Structures to Find Approvers

Using IT Shop Structures to Find Approvers

Use the following approval procedures to establish an IT Shop structure owner, an IT Shop structure department manager or an IT Shop structure cost center manager as approver.

Table 39: Approval Procedures for Determining Approvers for IT Shop Structures
Approval Procedure Approver
The IT Shop structure from which the request comes is assigned an owner or a deputy.

H0

H1

H2

Owner and deputy of the shelf

Owner and deputy of the shop

Owner and deputy of the shopping center

A department is assigned to the IT Shop structure from which the request is made.

The department is assigned a manager or a deputy manager.

D0

D1

D2

Manager and deputy manager of the department's shelf

Manager and deputy manager of the department's shop

Manager and deputy manager of the department's shopping center

A cost center is assigned to the IT Shop structure from which the request is made.

The cost center is assigned a manager or a deputy manager.

P0

P1

P2

Manager and deputy manager of the cost center's shelf

Manager and deputy manager of the cost center's shop

Manager and deputy manager of the cost center's shopping center

Related Documents