立即与支持人员聊天
与支持团队交流

Identity Manager 9.1 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Role classes for the IT Shop

Role classes form the basis for mapping IT Shop structures in One Identity Manager. The following role classes are available by default in One Identity Manager:

  • IT Shop structure

  • IT Shop template (if the QER | ITShop | Templates configuration parameter is set)

Use role classes to specify which company resources can be requested through the IT Shop. At the same time, you decide which company resources may be assigned as products to shelves and IT Shop templates.

The following options define which company resources may be assigned to IT Shop structures and IT Shop templates:

  • Assignments allowed

    This option specifies whether the assignment of the relevant company resources is permitted in general.

  • Direct assignments allowed

    This option specifies whether the relevant company resources can be directly assigned.

NOTE: Company resources are always assigned directly to shelves and IT Shop templates. Therefore, always enable and disable both options.

To configure assignment to IT Shop structures and IT Shop templates

  1. In the Manager, select the IT Shop > Basic configuration data > Role classes category.

  2. In the result list, select the role class.

  3. Select the Configure role assignments task.

  4. In the Role assignments column, select a company resource.

    Enable the Assignments permitted option, to specify whether an assignment is generally allowed.

    Enable the Direct assignment permitted options, to specify whether a direct assignment is allowed.

    Disable the options if the assignment is not allowed.

    INFORMATION: You can only disable the options if there are no assignments of the respective objects to IT Shop structures or IT Shop templates.
  5. Save the changes.

Role types for the IT Shop

Create role types in order to classify roles. You can use role types to limit the approval policies in effect for shelves. To do this, assign role types to shelves and approval policies.

You can also assign role types to shops if you want to apply further criteria to distinguish between shops. Role types for shops do not, however, influence how the approval policies in effect are determined.

To edit a role type

  1. In the Manager, select the IT Shop > Basic configuration data > Role types category.

  2. In the result list, select the role type and run the Change main data task.

    - OR -

    Click in the result list.

  3. Enter a name and detailed description for the role type.

  4. Save the changes.
Related topics

Business partners

In One Identity Manager, you can enter the data for external businesses that could be act as manufacturers, suppliers, or partners. You assign a manufacturer to a service item.

To edit business partners

  1. In the Manager, select the IT Shop > Basic configuration data > Business partners category.

  2. In the result list, select a business partner and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the business partner's main data.

  4. Save the changes.

Enter the following data for a company.

Table 64: General main data of a company

Property

Description

Company

Short description of the company for the views in One Identity Manager tools.

Name

Full company name.

Surname prefix

Additional company name.

Short name

Company's short name.

Contact

Contact person for the company.

Partner

Specifies whether this is a partner company.

Customer number

Customer number at the partner company.

Supplier

Specifies whether this is a supplier.

Customer number

Customers number at supplier.

Leasing partner

Specifies whether this is a leasing provider or rental firm.

Manufacturer

Specifies whether this is a manufacturer.

Remarks

Text field for additional explanation.

Table 65: Company address

Property

Description

Street

Street or road.

Building

Building

Zip code

Zip code.

City

City.

State

State.

Country

Country.

Phone

Company's telephone number.

Fax

Company's fax number.

Email address

Company's email address.

Website

Company's website. Click the button to display the web page in the default web browser.

Functional areas

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how many rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Moreover, functional areas can be replaced by peer group analysis during request approvals or attestation cases.

Example: Use of functional areas

To assess the risk of rule violations for service items. Proceed as follows:

  1. Set up functional areas.

  2. Assign service items to the functional areas.

  3. Specify the number of rule violations allowed for the functional area.

  4. Assign compliance rules required for the analysis to the functional area.

  5. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To create or edit a functional area

  1. In the Manager, select the IT Shop > Basic configuration data > Functional areas category.

  2. In the result list, select a function area and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the function area main data.

  4. Save the changes.

Enter the following data for a functional area.

Table 66: Functional area properties

Property

Description

Functional area

Description of the functional area

Parent Functional area

Parent functional area in a hierarchy.

Select a parent functional area from the list for organizing your functional areas hierarchically.

Max. number of rule violations

List of rule violation valid for this functional area. This value can be evaluated during the rule check.

NOTE: This property is available if the Compliance Rules Module is installed.

Description

Text field for additional explanation.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级