Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Chief approval team

Chief approval team

Sometimes, approval decisions cannot be made for requests because the approver is not available or does not have access to One Identity Manager tools. To complete the request, however, you can define a chief approval team whose members are authorized to intervene in the approval process at any time.

There is a default application role in One Identity Manager for the chief approval team. Assign this application role to all employees who are authorized to approve, deny, abort requests in special cases or to authorize other approvers. For more information about application roles, see One Identity Manager Application Roles Administration Guide.

Table 109: Default Application Role for Chief Approval Team
User Task

Chief approval team

The chief approver must be assigned to the application Request & Fulfillment | IT Shop | Chief approval team

Users with this application role:

  • Approve through requests.
  • Assign requests to other approvers.

To add members to the chief approval team

  1. Select the category IT Shop | Basic configuration data | Chief approval team.
  2. Select Assign employees in the task view.
  3. Assign employee authorized to approve requests in Add assignments.

    - OR -

    Remove the assignments of employee to chief approval team in Remove assignments.

  4. Save the changes.
Detailed information about this topic

Business Partners

Business Partners

In One Identity Manager, you can enter the data for external businesses that could be act as manufacturers, suppliers or partners. You assign a manufacturer to a service item.

To edit business partners

  1. Select the category IT Shop | Basic configuration data | Business partners.
  2. Select the business partners in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the business partner's master data.
  4. Save the changes.

Enter the following data for a company:

Table 110: General Master Data for a Company

Property

Description

Company

Short description of the company for the views in One Identity Manager tools.

Name

Full company name.

Surname prefix

Additional company name.

Short name

Company's short name.

Contact

Contact person for the company.

Partner

Specifies whether this is a partner company.

Customer number

Customer number at the partner company.

Supplier

Specifies whether this is a supplier.

Customer number

Customers number at supplier.

Leasing partner

Specifies whether this is a leasing provider or rental firm.

Manufacturer

Specifies whether this is a manufacturer.

Remarks

Spare text box for additional explanation.

Table 111: Company address
Property Description

Street

Street or road.

Building

Building

Zip code

Zip code.

Town

City.

State

State.

Country

Country.

Phone

Company's telephone number.

Fax

Company's fax number.

Email address

Company's email address.

Web page

Company's website.

Use the Browse button to open the website in the default web browser.

Functional areas

Functional areas

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how man rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Example for using Functional Areas

The risk of rule violation should be analyzed for service items. Proceed as follows:

  1. Set up functional areas.
  2. Assign service items to the functional areas.
  3. Define assessment criteria for the functional areas.
  4. Assign compliance rules required for the analysis to the functional area.
  5. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To edit functional areas

  1. Select the category IT Shop | Basic configuration data | Functional areas.
  2. Select the functional area in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the function area master data.
  4. Save the changes.

Enter the following data for a functional area.

Table 112: Functional Area Properties
Property Description
Functional area Description of the functional area
Parent Functional area Parent functional area in a hierarchy.

Select a parent functional area from the list in order to organize your functional areas hierarchically.

Max. number of rule violations List of rule violation valid for this functional area. This value can be evaluated during the rule check.

NOTE: This input field is available if theCompliance Rules Module exists.
Description Spare text box for additional explanation.

Standard Reasons

Standard Reasons

In the Web Portal, you can enter reasons, which provide explanations for the sequence of a request and individual approval decisions of the requests or request approvals. You can freely formulate this text. You also have the option to predefine reasons. The approver selects the most suitable text from these standards reasons in the Web Portal and stores it with the request.

Standard reasons are display in the approval history and in the request details.

To edit standard reasons

  1. Select the category IT Shop | Basic configuration data | Standard reasons.
  2. Select a standard reason in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the master data for a standard reason.
  4. Save the changes.

Enter the following properties for the standard reason.

Table 113: General Master Data for a Standard Reason
Property Description
Standard reason Reason text as displayed in the Web Portal and in the approval history.
Description Spare text box for additional explanation.
Automatic Approval Specifies whether the reason text is entered automatically by One Identity Manager into the request.

Do not set this option if the you want to select the standard reason in the Web Portal.

Additional text required Specifies whether an additional reason should be entered in freely formatted text for the approval.
Related Documents