Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop
Putting the IT Shop into Operation
Requestable Products
Preparing Products for Requesting
Approval Processes for IT Shop Requests
Entering Service Items
Assigning and Removing Products
Preparing the IT Shop for Multi-factor Authentication
General Master Data for a Service Item
Pricing Information
Extended Master Data for a Service Item
Default Service Items
Additional Tasks for Managing Service Items
Entering Service Categories
Service Item Overview
Editing Product Dependencies for Requests
Assign Hierarchical Roles
Assign Function Areas
assign extended properties
Displaying Websites
Changing Products
Assign Tag
Assign Object Dependent References
Specifying Products Dependencies
Reports about Service Items
Service Category Master Data
Default Service Categories
Additional Tasks for Managing Service Categories
Entering Product Specific Request Properties
Products with a Limited Request Period
Product Request on Customer or Product Relocation
Non-Requestable Products
Entering Terms of Use
Entering Tags
Editing Table Properties
Preparing Starling 2FA Token Requests
Using Multi-Factoring for Requests
Requesting a Security Code
Assignment Requests and Delegating
Standard Products for Assignment Requests and Delegation
Requesting Single Business Roles
Customizing Assignment Requests
Preparing for Delegation
Notifying Delegates
Canceling Assignments and Delegations
Removing a Customer from a Shop
Setting up Assignment Resources
Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships
Creating Requests for Employees
Creating User Account Requests
Creating Requests for Workdesks
Creating Assignment Requests
Adding Groups Automatically to the IT Shop
Editing Approval Policies
Request Sequence
General Master Data for Approval Policies
Default Approval Policies
Additional Tasks for Approval Policies
Approval Workflows
Working with the Workflow Editor
Setting Up Approval Workflows
Additional Tasks for Approval Workflows
Deleting Approval Workflows
Default Approval Workflows
Determining Effective Approval Policies
Selecting Responsible Approvers
Default Approval Procedures
Request Risk Analysis
Testing Requests for Rule Compliance
Approving Requests from an Approver
Automatic Request Approval
Obtaining Other Information about Requests by an Approver
Appointing Other Approvers
Setting up an Approval Step
Approvers cannot be Established
Automatic Approval on Timeout
Abort Request on Timeout
Approval through Chief Approval Team
Approving Requests with Terms of Use
Using Default Approval Processes
Self-Service
Using IT Shop Structures to Find Approvers
Using the Request Recipient to find Approvers
Using a Specific Role to find Approvers
Using the Requested Product to Find Approvers
Using an Approval Role to Find Approvers
Using a Cost Center to Find Approvers
Using a Department to Find Approvers
Using a Requested Role to find Approvers
Deferred Request Approval
Calculated approval
Making External Approvals
Finding Requesters
Setting up Approval Procedures
Deleting Approval Procedures
Determining Approvers
Requests Overview
Multiple Requests for one Product
Requests with Limited Validity Period
Relocating a Customer or Product to another Shop
Requests for Employees
Request Change of Manager for an Employee
Canceling a Request
Notifications in the Request Process
Managing an IT Shop
Demands for Approval
Remind Approver
Scheduled Approval Demands
Limited Period Request Sequence
Request Granting or Denying Approval
Request Abort
Escalating a Request
Self-Service
Approval Rejection
Notifications with Questions
Request Approval through Additional Approvers
Unsubscribing an Approved Request
Product Change Notification
Default Mail Templates
Bulk Delegation Notifications
Approval by Mail
Requests with Limited Validity Period for Challenged Role Memberships
Requests from Permanently Disabled Employees
Deleting Requests
IT Shop Base Data
Default Solution for Requesting System Entitlements
Role Types
Processing status
Role Classes
Attestors
Product owners
Chief approval team
Business Partners
Functional areas
Standard Reasons
Setting up IT Shop Structures
General Master Data for a IT Shop Structure
User Defined Data for a IT Shop Structure
Additional Tasks for IT Shop Structures
Setting Up a Customer Node
General Master Data for a Customer Node
General Master Data for a Customer Node
Additional Tasks for Customer Nodes
Deleting IT Shop Structures
Templates for Automatically Filling the IT Shop
Implementing Shelf Templates in a IT Shop Solution
Editing Shelf Templates
Creating Custom Mail Templates for Notifications
General Master Data for a Shelf Template
User Defined Master Data for a Shelf Template
Additional Tasks for Shelf Templates
Assigning Shelf Templates to Shops and Shopping Center Templates
Deleting Shelf Templates
General Properties of a Mail Template
Creating and Editing an Email Definition
Custom Notification Processes
request templates
Adding an SharePoint Group
Adding an Active Directory Group
Modifying an Active Directory Group
Deleting an Active Directory Group
Requesting Groups Memberships
Error Handling
Appendix: Configuration Parameters for the IT Shop
Appendix: Request Statuses
Appendix: Example of Request Results
Overview of Entitled Customers
Managing an IT Shop > Setting Up a Customer Node > Additional Tasks for Customer Nodes > Overview of Entitled Customers
Overview of Entitled Customers
To obtain an overview of a customer node
- Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
- Select Entitled customers overview in the task view.
Assign Employees
Managing an IT Shop > Setting Up a Customer Node > Additional Tasks for Customer Nodes > Assign Employees
Assign Employees
Add the employee to the customer node who is authorized to make requests for the shop. You have two possible ways of doing this. Employee can be assigned to a customer node either directly or through a dynamic role.
|
|
IMPORTANT: If a shop contains a large number of customer, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server as well.
Never assign more than 30 000 employees to a customer node! |
To assign employees directly to a< custom node
- Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
- Select Assign employees in the task view.
- Assign the employees authorized to make requests in Add assignments.
- OR -
Remove employees from Remove assignments.
- Save the changes.
If an employee is removed from a customer node, all pending requests for this employee are aborted.
Creating Dynamic Roles
Managing an IT Shop > Setting Up a Customer Node > Additional Tasks for Customer Nodes > Creating Dynamic Roles
Creating Dynamic Roles
Add the employee to the customer node who is authorized to make requests for the shop. You have two possible ways of doing this. Employee can be assigned to a customer node either directly or through a dynamic role.
|
|
NOTE: The task Create dynamic role is only available for customer nodes which do not have the option Dynamic roles not allowed set. |
|
|
IMPORTANT: If a shop contains a large number of customer, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server as well.
Formulate the condition for the dynamic role so that no more than 30 00 employees are found. |
To create a dynamic role
- Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
- Select Create dynamic role in the task view.
- Enter the required master data.
- Save the changes.
To edit a dynamic role
- Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
- Select Entitled customers overview in the task view.
- Select the form element Dynamic roles and click on the dynamic role.
- Select Change master data in the task view.
- Edit the dynamic role's master data.
- Save the changes.
For more detailed information about dynamic roles, see the One Identity Manager Identity Management Base Module Administration Guide. The following features apply to dynamic roles for customer nodes:
| Property | Description |
|---|---|
| IT Shop Nodes | This data is initialized with selected customer nodes. If the employee objects meet the dynamic role conditions, they are added to this customer node. |
| Object class | Employee |
| Dynamic role | The dynamic role name is made up of the object class and the full name of the IT Shop node, by default. |
| Calculation schedule |
Schedule for calculating dynamic roles. Employees with request permissions for the shop are determined regularly at the times specified in the schedule. The task "default schedule dynamic role check" is already defined in the standard version of the One Identity Manager. All dynamic role memberships are checked using this schedule and recalculation requests are sent to the DBQueue Processor if necessary. Use the Designer to customize schedules or set up new ones to meet your requirements. |
To delete a dynamic role
- Select the category IT Shop | IT Shop | <shop> | Customers or IT Shop | IT Shop | <shopping center> | <shop> | Customers.
- Select Entitled customers overview in the task view.
- Select the form element Dynamic roles and click on the dynamic role.
- Click
in the Manager's toolbar.
- Confirm the security prompt with Yes.
Deleting IT Shop Structures
Deleting IT Shop Structures
In order to delete IT Shop structures you have to remove all the child IT Shop structures. This applies to manually added IT Shop structures in the same way as it does for shelves and products created from shelf templates.