Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Default Processing Status

Default Processing Status

The One Identity Manager provides the processing status by default. This processing status is used in the approval steps of the default approval workflow.

To display the default processing status

  • Select the category IT Shop | Basic configuration data | Processing status | Predefined.

Role Classes

Roles Classes

Role classes form the basis for mapping One Identity Manager structures in the IT Shop. The following role classes are available by default in the One Identity Manager:

  • IT Shop structure
  • IT Shop template

Use role classes to specify which company resources can be requested through the IT Shop. At the same time, you decide which company resources may be assigned as products to shelves and IT Shop templates.

The following options define which company resources may be assigned to IT Shop structures and IT Shop templates:

  • Assignment allowed

    This option specifies whether assignments of respective company resources are allowed in general.

  • Assignment not allowed

    This option specifies whether respective company resources can be directly assigned.

 Note: Company resources are always assigned directly to shelves and IT Shop templates. Therefore, always enable and disable both options.

To configure assignment to IT Shop structures and IT Shop templates

  1. Select the category IT Shop | Basic configuration data | Role classes.
  2. Select the role class in the result list.
  3. Select the task Configure role assignments.
  4. Use the column Allow assignments to specify whether an assignment is generally allowed.

    - AND -

    Use the column Allow direct assignments to specify whether a direct assignment is allowed.

    		 NOTE: You can only disable the options if there are no assignments of the respective objects to IT Shop structures or IT Shop templates.
  5. Save the changes.

Attestors

Attestors

Installed Module: Attestation Module

In One Identity Manager you can assign employees to IT Shop structures (shelves, shops, shopping centers, service items, service categories and shelf templates) who can be brought in as attestors in attestation cases when the approval workflow is set up appropriately. To do this, assign the IT Shop structures to application roles for attestors. Assign employees to this application role that are authorized to attest requests or other data stored in the One Identity Manager.

A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see One Identity Manager Application Roles Administration Guide.

Table 105: Default Application Roles for Attestors
User Task

Attestors for IT Shop

Attestors must be assigned to the application role Request & Fulfillment | IT Shop | Attestors.

Users with this application role:

  • Attest correct assignment of company resource to IT Shop structures for which they are responsible.
  • Can view master data for these IT Shop structures but not edit them.

Note: This application role is available if the module Attestation Module is installed.

To edit attestors

  1. Select the category IT Shop | Basic configuration data | Attestors.
  2. Select Change master data in the task view.

    - OR -

    Select an application role in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the application role's master data.
    Table 106: Required Application Role Properties
    Property Value
    Parent application role Assign the application role Identity & Access Governance | IT Shop | Attestors or a child application role.
  4. Save the changes.
  5. Select the task Assign employees, to add members to the application role.
  6. Assign employees in Add assignments.

    - OR -

    Remove employees from Remove assignments.

  7. Save the changes.

Product owners

Product owners

Employees that are approvers in approval processes for requesting service items can be assigned to these service items. To do this, assign a service item or a service category to an application for Product owners. Assign this application role to employees who are authorized to approve requests in the IT Shop and to edit service item or service category data..

A default application role for product owners is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Application Roles Administration Guide.

Table 107: Default Application Roles for Product Owners
User Task

Product owners

The product owners must be assigned to the application roles Request & Fulfillment | IT Shop | Product owners or an application role below that.

Users with this application role:

  • Approve through requests.
  • Edit service items and service categories under their management.

To edit product owners

  1. Select the category IT Shop | Basic configuration data | Product owner.
  2. Select Change master data in the task view.

    - OR -

    Select an application role in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the application role's master data.
    Table 108: Required Application Role Properties
    Property Description
    Parent application role Assign the application role Request & Fulfillment | IT Shop | Product owner or a child application role.
  4. Save the changes.
  5. Select the task Assign employees, to add members to the application role.
  6. Assign employees in Add assignments.

    - OR -

    Remove employees from Remove assignments.

  7. Save the changes.
Related Topics
Related Documents