Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Requests for Employees

Requests for Employees

In the Web Portal default installation approvers can request and cancel products for other users. Approvers can only request products for users of shops they manage and where the user is an customer. Furthermore, department managers and their deputies may edit the data for employees belonging to their department.

The responsibilities are evaluated through the following database view (View).

QERVEditEmployee This view displays the department manager, his or her deputies and employees whose data can be edited.

Request Change of Manager for an Employee

Request Change of Manager for an Employee

Managers can edit master data for their employees in the Web Portal. In the same context, it is possible to define a new manager for an employee. To do this, the previous manager requests assignment of another manager. If the other manager agrees to the assignment, they are assigned to the employee as manager.

There are some prerequisites required for changing managers using the Web Portal.

  • The following objects, made available by default, are in the One Identity Manager database:
    Table 76: Default Objects for Changing Manager
    Objects Description
    Resource "New manager assignment" Used to request another manager in the IT Shop. The product is canceled the moment the new manager has been assigned.

    The service item "New manager assignment" is assigned.

    Service item "New manager assignment" Product requested when another manager is assigned

    The approval policy "New manager assignment".

    IT Shop structure "Identity & Access Lifecycle\Identity Lifecycle" This service item is assigned by default to the shelf "Identity Lifecycle" in the shop, "Identity & Access Lifecycle".
    Approval policy "New manager assignment" Specifies the approval workflow used to approve the change of manager.

    It is assigned to the approval workflow, "New manager assignment".

    Approval workflow "New manager assignment" Establishes other managers as approvers.

    If this is denied, the request is returned to the previous manager.

    Process VI_ESS_PersonWantsOrg_Set_New_Person.Manager Assigns the other manager as new manager to the employee if the change of manager is approved and the request time period is valid.

Changing Manager Sequence

  1. The previous manager edits the master data of the employee the other manager is going to take on. He or she selects an employee as manager and specifies a date from which the changes take effect.
    Table 77: Requested Changes
    Property Description
    New manager Employee to act as manager.
    Effective date Date from which changes take effect.
    Changes to run after approval

    Changes, which should be run after approval has been granted and the new manager has been assigned, for example, deleting user accounts or removing memberships in system entitlements.

    The previous manager can decided which of the changes should be run.

  2. A request is triggered with the following properties:
    Table 78: Properties for Requesting a Change of Manager
    Property Description
    Requester Previous manager.
    Recipient Employee.
    Additional request data New manager.
    Approver New manager.
    Valid from Date from which changes take effect.
    Additional information Additional changes to be made.
  3. The request is assigned to the new manager for approval who can also specify which other changes should be made after the manager has been replaced.
    1. If the manager denies approval, the request is returned to the previous manager.

      This manager can select another manager and approve the request. The request is assigned to this other manager for approval.

      The previous manager can deny request approval. The change of manager is closed. The employee’s manager is not changed.

    2. If the new manager grants approval to the request, he or she is assigned as manager to the employee as from the validity date of the request. All additional changes selected are also executed as from the validity date.
  4. Product is unsubscribed. The request is closed.

For more detailed information about assigning a new manager, see the One Identity Manager Web Portal User Guide.

Canceling a Request

Canceling a Request

Request recipients, requesters and the members of the chief approval team can cancel request that have not already be approved in the Web Portal. The approval process is canceled immediately. The request is given the status "Canceled".

For more detailed information about canceling processes in the Web Portal, see the One Identity Manager Web Portal User Guide.

To cancel a request in the Manager

  1. Select the category IT Shop | Requests | Pending requests | <filter> | <request>.
  2. Select a request procedure in the result list.
  3. Click Cancel request.
  4. Confirm the security prompt with Yes.
  5. Click OK.

Notifications in the Request Process

Notifications in the Request Process

Table 79: Configuration Parameter for Notifications
Configuration parameter Meaning
QER\ITShop\DefaultSenderAddress This configuration parameter contains the sender email address for automatically generated messages within the IT Shop.

Different email notifications can be sent to requester and approver within a request process The notification procedure uses mail templates to create notifications. The mail text in a mail template is defined in several languages. This ensures that the language of the recipient is taken into account when the email is generated. Mail templates are supplied in the default installation with which you can configure the notification procedure.

Messages are not sent ti the chief approval team by default. Fallback approvers are only notified if not enough approvers could be found for an approval step.

To use notification in the request process

  1. Ensure that the email notification system is configured in One Identity Manager. For more detailed information, see the .One Identity Manager Configuration Guide
  2. Set the configuration parameter "QER\ITShop\DefaultSenderAddress" in the Designer and enter the sender address with which the email notifications are sent.
  3. Ensure that all employees have a default email address. Notifications are sent to this address. For more detailed information, see the .One Identity Manager Identity Management Base Module Administration Guide
  4. Ensure that a language culture can be determined for all employees. Only then can they receive email notifications in their own language. For more detailed information, see the .One Identity Manager Identity Management Base Module Administration Guide
  5. Configure the notification procedure.
Related Topics
Related Documents