Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Overview of Entitled Customers

Overview of Entitled Customers

To obtain an overview of a customer node

  1. Select the category  IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
  2. Select Entitled customers overview in the task view.

Assign Employees

Assign Employees

Add the employee to the customer node who is authorized to make requests for the shop. You have two possible ways of doing this. Employee can be assigned to a customer node either directly or through a dynamic role.

IMPORTANT: If a shop contains a large number of customer, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server as well.

Never assign more than 30 000 employees to a customer node!

To assign employees directly to a< custom node

  1. Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
  2. Select Assign employees in the task view.
  3. Assign the employees authorized to make requests in Add assignments.

    - OR -

    Remove employees from Remove assignments.

  4. Save the changes.

If an employee is removed from a customer node, all pending requests for this employee are aborted.

Creating Dynamic Roles

Creating Dynamic Roles

Add the employee to the customer node who is authorized to make requests for the shop. You have two possible ways of doing this. Employee can be assigned to a customer node either directly or through a dynamic role.

NOTE: The task Create dynamic role is only available for customer nodes which do not have the option Dynamic roles not allowed set.

IMPORTANT: If a shop contains a large number of customer, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server as well.

Formulate the condition for the dynamic role so that no more than 30 00 employees are found.

To create a dynamic role

  1. Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
  2. Select Create dynamic role in the task view.
  3. Enter the required master data.
  4. Save the changes.

To edit a dynamic role

  1. Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
  2. Select Entitled customers overview in the task view.
  3. Select the form element Dynamic roles and click on the dynamic role.
  4. Select Change master data in the task view.
  5. Edit the dynamic role's master data.
  6. Save the changes.

For more detailed information about dynamic roles, see the One Identity Manager Identity Management Base Module Administration Guide. The following features apply to dynamic roles for customer nodes:

Table 116: Properties of a Customer Node Dynamic Role
Property Description
IT Shop Nodes This data is initialized with selected customer nodes. If the employee objects meet the dynamic role conditions, they are added to this customer node.
Object class Employee
Dynamic role The dynamic role name is made up of the object class and the full name of the IT Shop node, by default.
Calculation schedule

Schedule for calculating dynamic roles. Employees with request permissions for the shop are determined regularly at the times specified in the schedule.

The task "default schedule dynamic role check" is already defined in the standard version of the One Identity Manager. All dynamic role memberships are checked using this schedule and recalculation requests are sent to the DBQueue Processor if necessary. Use the Designer to customize schedules or set up new ones to meet your requirements. For more information, see the One Identity Manager Configuration Guide.

To delete a dynamic role

  1. Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
  2. Select Entitled customers overview in the task view.
  3. Select the form element Dynamic roles and click on the dynamic role.
  4. Click in the Manager's toolbar.
  5. Confirm the security prompt with Yes.

Deleting IT Shop Structures

Deleting IT Shop Structures

In order to delete IT Shop structures you have to remove all the child IT Shop structures. This applies to manually added IT Shop structures in the same way as it does for shelves and products created from shelf templates.

Related Documents