
Identity Manager 8.0 - IT Shop Administration Guide


Default Solution for Requesting System Entitlements

In One Identity Manager, default products and default approval workflows are available for requesting Active Directory groups and SharePoint groups, as well as membership in these groups, through the IT Shop. Entitlements in these target systems are therefore issued through defined approval processes. Product owners and target system managers can edit the properties of these system entitlements and request changes in the Web Portal.

For more detailed information, see the One Identity Manager Web Portal User Guide.

NOTE: In order to publish the requested changes in the target system, you have to set up synchronization with the target system environment. Provisioning processes and workflows must be configured.

For more detailed information about setting up synchronization, see the One Identity Manager Administration Guide for Connecting to Active Directory and the One Identity Manager Administration Guide for Connecting to SharePoint.


Adding a SharePoint Group

Installed Module: SharePoint Module

Table 133: Default Product for Requesting a SharePoint Group
Product: Adding a SharePoint group
Service category: SharePoint groups
Shelf: Identity & Access Lifecycle | Group Lifecycle
Approval policies/approval workflows: Approval of SharePoint group create requests

New SharePoint groups can be added in SharePoint using this default product. The requester provides information about the name and site collection, if known, of the request. Based on this information, the target system manager specifies the container in which the group will be added and grants approval for the request. The group is added in One Identity Manager and published in the target system.

Prerequisite

  • Employees are assigned to the application role Target system | SharePoint.

If the configuration parameter "QER\ITShop\GroupAutoPublish" is set, the group is added to the IT Shop and assigned to the shelf "Identity & Access Lifecycle\SharePoint groups". The group is assigned to the existing service category.

Adding an Active Directory Group

Installed Module: Active Directory Module

Table 134: Default Product for Requesting an Active Directory Group
Products: Adding an Active Directory security group; Adding an Active Directory distribution group
Service categories: Active Directory groups
Shelf: Identity & Access Lifecycle | Group Lifecycle
Approval policies/approval workflows: Approval of Active Directory group create requests

By requesting this default product, you can add new security groups or distribution groups in Active Directory. The requester provides information about the name, container and domain, if known, of the request. Based on this information, the target system manager specifies the container in which the group will be added and grants approval for the request. The group is added in One Identity Manager and published in the target system.

Prerequisite

  • Employees are assigned to the application role Target system | Active Directory.

If the configuration parameter "QER\ITShop\GroupAutoPublish" is set, the group is added to the IT Shop and assigned to the shelf "Identity & Access Lifecycle\Active Directory groups". The group is assigned to the service category "Security group" or "Distribution group" respectively.

Modifying an Active Directory Group

Installed Module: Active Directory Module

Table 135: Default Product for Modifying an Active Directory Group
Product: Modifying an Active Directory group
Service category: Not assigned
Shelf: Identity & Access Lifecycle | Group Lifecycle
Approval policies/approval workflows: Approval of Active Directory group change requests

Product owners and target system managers can request modifications to the group type and group scope of Active Directory groups in the Web Portal. The target system manager must grant approval for these changes. The changes are published in the target system.

Prerequisites

  • The group can be requested in the IT Shop.
  • Employees are assigned to the application role Target system | Active Directory.