Chat now with support
Chat with Support

Identity Manager 9.3 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results Example of defining request properties

Reports about service items

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for service items.

NOTE: Other sections may be available depending on the which modules are installed.

Table 6: Reports about service items
Report Description
Overview of all assignments

This report finds all roles containing identities with the selected service item.

Related topics

Overview of all assignments

The Overview of all assignments report is displayed for some objects, such as authorizations, compliance rules, or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles, and IT Shop structures in which there are identities who own the selected base object. In this case, direct as well as indirect base object assignments are included.

Example: Assignment overview

  • If the report is created for a resource, all roles are determined in which there are identities with this resource.

  • If the report is created for a group or another system entitlement, all roles are determined in which there are identities with this group or system entitlement.

  • If the report is created for a compliance rule, all roles are determined in which there are identities who violate this compliance rule.

  • If the report is created for a department, all roles are determined in which identities of the selected department are also members.

  • If the report is created for a business role, all roles are determined in which identities of the selected business role are also members.

To display detailed information about assignments

  • To display the report, select the base object from the navigation or the result list and select the Overview of all assignments report.

  • Click the Used by button in the report toolbar to select the role class for which you want to determine whether roles exist that contain identities with the selected base object.

    All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are identities with the selected base object. The meaning of the report control elements is explained in a separate legend. To access the legend, click the icon in the report's toolbar.

  • Double-click a control to show all child roles belonging to the selected role.

  • By clicking the button in a role's control, you display all identities in the role with the base object.

  • Use the small arrow next to to start a wizard that allows you to bookmark this list of identities for tracking. This creates a new business role to which the identities are assigned.

Figure 3: Toolbar of the Overview of all assignments report.

Table 7: Meaning of icons in the report toolbar

Icon

Meaning

Show the legend with the meaning of the report control elements

Saves the current report view as a graphic.

Selects the role class used to generate the report.

Displays all roles or only the affected roles.

Entering service categories

You can group individual service items into service categories to create a service catalog.

To edit service categories

  1. In the Manager, select the IT Shop > Basic configuration data > Service categories category.

    - OR -

    In the Manager, select the IT Shop > Service catalog category.

  2. In the result list, select the service category and run the Change main data task.

  3. Edit the service category's main data.

  4. Save the changes.

Main data for service categories

Enter the following main data of a service category. If you add a new service category, you must fill out the required fields.

Table 8: General main data of a service category

Main data

Meaning

Service category

The service item’s name.

Special service category

Specifies whether the service category has a special purpose.

Parent service category

If you want to have service categories in a hierarchical structure, select a parent service category from the list.

Product owners

Assign a Request & Fulfillment | IT Shop | Product owner application role.

Product owners can be used as approvers in a defined approval process within the IT Shop. They can decide on approval of the service item request.

To create a new application role, click . Enter the application role name and assign a parent application role.

Attestors

Assign a Request & Fulfillment | IT Shop | Attestor application role.

The members of this application role can chosen as attestor in an attestation procedure.

To create a new application role, click . Enter the application role name and assign a parent application role.

For more information, see the One Identity Manager Attestation Administration Guide.

Approval policies

Approval policies used to determine the approver when the service item is requested from a service category in the IT Shop.

Request property

Select a request property using the additional request parameters that are defined for a request.

Requests can be given additional information though product-specific request properties such as the specific details of a product, its size, or color. A request property gathers all additional features together that can be given when requesting a product.

To create a new request property, click and enter the request property's name. Then define the request parameters.

Purchase price, sales price, internal price, currency

Enter the required price information for the service category accounting.

Sort order

Customer specific criteria for sorting assigned service items.

Reason type on request

Specifies which type of reason is required when requesting a service item from this service catalog.

  • Optional: A reason can be provided if required.

  • Reason required (standard or free): A standard reason must be selected or a reason given with any text.

  • Free text required: A reason must be given with freely selected text.

Reason type on approval

Specifies which type of reason is required when granting approval to a service item from this catalog.

  • Optional: A reason can be provided if required.

  • Reason required (standard or free): A standard reason must be selected or a reason given with any text.

  • Free text required: A reason must be given with freely selected text.

Reason type on denial

Specifies which type of reason is required when denying approval to a service item from this catalog.

  • Optional: A reason can be provided if required.

  • Reason required (standard or free): A standard reason must be selected or a reason given with any text.

  • Free text required: A reason must be given with freely selected text.

Description

Text field for additional explanation.

Full name

Full name of the service category.

Remarks

Text field for additional explanation.

Picture

Picture for this service category. Select the path where the picture is stored.

Spare field no. 01 - spare field no. 10

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating