Chat now with support
Chat with Support

Identity Manager 9.3 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results Example of defining request properties

Displaying assignment resource overviews

Use this task to obtain an overview of the most important information about an assignment resource. For this, you need to take into account the affiliation of the assignment resource to IT Shop structures.

To obtain an overview of a service item

  1. In the Manager, select the Entitlements > Assignment resources for IT Shop category.

  2. Select the assignment resource in the result list.

  3. Select the Assignment resource overview task.

Adding assignment resources to the IT Shop

An assignment resource can be requested by shop customers when it is assigned to an IT Shop shelf.

To add a resource assignment to the IT Shop

  1. In the Manager, select the Entitlements > Assignment resources for IT Shop category.

  2. Select the assignment resource in the result list.

  3. Select the Add to IT Shop task.

  4. To assign the assignment resource to shelves, select the IT Shop shelves tab and, in the Add assignments section, select the shelves with a double-click.

  5. To assign the assignment resource to IT Shop templates, select the IT Shop templates tab and, in the Add assignments section, select the template with a double-click.

  6. Save the changes.

Removing assignment resources from the IT Shop

To remove an assignment resource from all IT Shop shelves.

  1. In the Manager, select the Entitlements > Assignment resources for IT Shop category.

  2. Select the assignment resource in the result list.

  3. Select the Add to IT Shop task.

  4. To remove the assignment resource from the shelves, select the IT Shop shelves tab and, in the Remove assignments section, double-click the shelves.

  5. To remove the assignment resource from the IT Shop templates, select the IT Shop templates tab and, in the Remove assignments section, double-click the shelves.

  6. Save the changes.

To remove an assignment resource from all IT Shop shelves.

  1. In the Manager, select the Entitlements > Assignment resources for IT Shop category.

  2. Select the assignment resource in the result list.

  3. Select the Remove from all shelves (IT Shop) task.

  4. Confirm the security prompt with Yes.
  5. Click OK.

    The One Identity Manager Service removes the assignment resource from all shelves. All assignment requests with this assignment resource are canceled in the process.

Delegations

Role assignment and responsibilities can be temporarily delegated to others. Thereby, a distinction is made between single delegations and deputizing.

  • Deputize: Delegate all your responsibilities for a defined area to a deputy. The following areas can be selected:

    • Approval authorization for requests

      Once an identity is determined as the approver for requests, their deputy is added as an additional approver.

    • Exception approval requests violate the rules

      Once an identity is determined as the exception approver for requests, their deputy is added as an additional exception approver.

    • Approval authorization in attestation cases

      Once an identity is determined as the attestor, their deputy is added as an additional attestor.

    • Manager of identities

      The deputy of an identity's manager can also approve managerial tasks. For example, a deputy can initiate requests for employees.

    • Manager of all roles of a role class

      The deputy of a hierarchical roles manager can also approve all managerial tasks. For example, a deputy can initiate assignment requests for a business role.

      You can delegate responsibility for the following role classes:

      • Departments

      • Cost centers

      • Locations

      • Selected business roles

      • IT Shop structures (owner)

    Example: During their vacation, user A delegates any responsibilities as manager of business roles with the "Projects 2222" role class and approval authorization for requests to their deputy, user B.

    • A deputization, unlike single delegation, cannot be delegated further.

    • A single responsibility that was acquired via deputization can be delegated further by single delegation. (Example: User B delegates their responsibility for the "Projects 2222: Role B" business role to User E.)

    • An identity that is connected as a main or sub-identity cannot become a delegate nor can deactivated identities.

  • Single delegation: Delegate your responsibility for a specific role or your memberships in a specific business or application role to any given identity.

    Example: User C delegates their membership in the "Project 2222: Role A" business role to user D.

    • Single delegations can be delegated further.

Delegations are automatically approved after a compliance check. They can be canceled and deleted. For more information about delegating tasks, see the One Identity Manager Web Portal User Guide.

Delegations are revoked when the valid-until date is exceeded, the delegate is deleted from the customer node, or the deputy is deactivated.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating