立即与支持人员聊天
与支持团队交流

Identity Manager 9.1.1 - Web Portal User Guide

General tips and getting started Requests
Setting up and configuring request functions Requesting products Saved for Later list Managing my request templates Pending requests Displaying request history Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing approvals
Attestation Compliance Responsibilities
My responsibilities
Managing my departments Managing my application roles Managing my business roles Managing my identities Managing my cost centers Managing my locations Managing my system entitlements Managing my system roles
Delegating tasks Ownerships
Managing data
Managing identities Managing user accounts Managing system entitlements Managing departments Managing locations Managing cost centers Managing business roles Managing system roles
Appendix: Attestation conditions and approval policies from attestation procedures

Creating service items for system entitlements

You can create service items for system entitlements.

To create a service item for a system entitlement

  1. In the menu bar click Data administration > Data Explorer.

  2. In the Data Explorer navigation, click System entitlements.

  3. On the System Entitlements page, click the system entitlement for which you want to create a service item.

  4. In the Edit System Entitlements area, click the Details tab.

  5. On the Details tab, click Create service item.

  6. Click Service Item tab.

  7. On the Service Item tab, edit the service item's main data.

    Table 32: Main data of system entitlement service items

    Property

    Description

    Service item

    Enter a name for the service item.

    Description

    Enter a description of the service item.

    Service category

    You can group different service items into service categories. To do this, click Assign/Change and select the service category to which you want to assign the service item.
    For more information about service categories, see Managing service categories.

    Approval policy

    Select the approval policy used to determine the approver when the service item is requested in the Web Portal.

    Approval by multi-factor authentication

    Select this check box to specify that approvals of requests for this service item require multi-factor authentication.

    Max. days valid

    Specify how long an identity can keep the product until it is automatically unsubscribed again.

    An identity keeps their requested products on the shelf until they unsubscribe from them themselves. Sometimes, however, products are only required for a certain length of time and can be canceled automatically after this time. Products that are intended to have a limited shelf life need to be marked with a validity period.

    Website

    Specify the URL of a web page that contains more information about the product. Use the following format: https://www.example.com or http://www.example.com.

    This field allows you to link product descriptions in the internet or intranet to the service item.

    Sort order

    Specify how the service category is sorted.

    Request property

    Select the request property using the additional request parameters that are defined for a request. If you do not select any request properties, the request properties of the associated service category are used.

    Requests can be given additional information though product-specific request properties such as the specific details of a product, its size, or color. A request property gathers all additional features together that can be given when requesting a product.

    Functional area

    Click Assign/Change and then select the functional area to which you want to assign the service item.

    You can use One Identity Manager to assess the risk of assignments. The assessments can be evaluated separately by functional area. To do this, service items must be assigned to functional areas. For more information, see the One Identity Manager Risk Assessment Administration Guide.

    Attestors

    Click Assign/Change and then select an application role. Members of this application role can approve attestation cases that affect the service item.

    Terms of use

    Select the terms of use that the product's requester must accept.

    Picture

    Enter a picture for the service item. Users see this picture when they make a request.

    Perform the following actions as well:

    1. Click Add/Change.

    2. Select an image from your medium.

    Request parameters must be defined per recipient

    Select the check box to enter additional request properties separately for each recipient of this product, if the product is requested for different recipients in one request procedure.

    Retain service item assignment on relocation

    Select the check box if requests for this service item are retained when a customer or the product is moved.

    If an identity requests a product from a Shop and changes the Shop at a later date, a decision must be made about how to proceed with the existing request. The same applies if a product is moved to another shelf.

    Tags

    Enter tags for the product. These tags can be used as search criteria by requests in the Web Portal.

    Not requestable/Requestable

    Set the switch to Requestable if you want to request system entitlements through the Web Portal.

    Set the switch to Not requestable if you do not want to request system entitlements through the Web Portal.

    For more information, see Making system entitlements requestable.

    Product owner

    Product owners can edit service item's main data and, be included in approval procedures as approvers for requests of this service item.

    Specify which identities are responsible for the service item.

    • To specify members of a specific application role as product owners, perform the following under Product owners:

      1. Enable the Select from roles option.

      2. In the Product owner field, click Assign/Change.

      3. In the Edit Product Owner pane, click the appropriate application role.

    • To specify a specific identity as the product owner, perform the following under Product owners:

      1. Enable the Select from identities option.

      2. In the Identity list, select the corresponding identity.

  8. Click Save.

Editing system entitlement service items

You can edit the main data of service items.

To display and edit a service items role's main data

  1. In the menu bar click Data administration > Data Explorer.

  2. In the Data Explorer navigation, click System entitlements.

  3. On the System Entitlements page, click the system entitlement whose service item you want to edit.

  4. In the Edit System Entitlement pane, click the Service Item tab.

  5. On the Service Item tab, edit the service item's main data.

    Table 33: Main data of system entitlement service items

    Property

    Description

    Service item

    Enter a name for the service item.

    Description

    Enter a description of the service item.

    Service category

    You can group different service items into service categories. To do this, click Assign/Change and select the service category to which you want to assign the service item.
    For more information about service categories, see Managing service categories.

    Approval policy

    Select the approval policy used to determine the approver when the service item is requested in the Web Portal.

    Approval by multi-factor authentication

    Select this check box to specify that approvals of requests for this service item require multi-factor authentication.

    Max. days valid

    Specify how long an identity can keep the product until it is automatically unsubscribed again.

    An identity keeps their requested products on the shelf until they unsubscribe from them themselves. Sometimes, however, products are only required for a certain length of time and can be canceled automatically after this time. Products that are intended to have a limited shelf life need to be marked with a validity period.

    Website

    Specify the URL of a web page that contains more information about the product. Use the following format: https://www.example.com or http://www.example.com.

    This field allows you to link product descriptions in the internet or intranet to the service item.

    Sort order

    Specify how the service category is sorted.

    Request property

    Select the request property using the additional request parameters that are defined for a request. If you do not select any request properties, the request properties of the associated service category are used.

    Requests can be given additional information though product-specific request properties such as the specific details of a product, its size, or color. A request property gathers all additional features together that can be given when requesting a product.

    Functional area

    Click Assign/Change and then select the functional area to which you want to assign the service item.

    You can use One Identity Manager to assess the risk of assignments. The assessments can be evaluated separately by functional area. To do this, service items must be assigned to functional areas. For more information, see the One Identity Manager Risk Assessment Administration Guide.

    Attestors

    Click Assign/Change and then select an application role. Members of this application role can approve attestation cases that affect the service item.

    Terms of use

    Select the terms of use that the product's requester must accept.

    Picture

    Enter a picture for the service item. Users see this picture when they make a request.

    Perform the following actions as well:

    1. Click Add/Change.

    2. Select an image from your medium.

    Request parameters must be defined per recipient

    Select the check box to enter additional request properties separately for each recipient of this product, if the product is requested for different recipients in one request procedure.

    Retain service item assignment on relocation

    Select the check box if requests for this service item are retained when a customer or the product is moved.

    If an identity requests a product from a Shop and changes the Shop at a later date, a decision must be made about how to proceed with the existing request. The same applies if a product is moved to another shelf.

    Tags

    Enter tags for the product. These tags can be used as search criteria by requests in the Web Portal.

    Not requestable/Requestable

    Set the switch to Requestable if you want to request system entitlements through the Web Portal.

    Set the switch to Not requestable if you do not want to request system entitlements through the Web Portal.

    For more information, see Making system entitlements requestable.

    Product owner

    Product owners can edit service item's main data and, be included in approval procedures as approvers for requests of this service item.

    Specify which identities are responsible for the service item.

    • To specify members of a specific application role as product owners, perform the following under Product owners:

      1. Enable the Select from roles option.

      2. In the Product owner field, click Assign/Change.

      3. In the Edit Product Owner pane, click the appropriate application role.

    • To specify a specific identity as the product owner, perform the following under Product owners:

      1. Enable the Select from identities option.

      2. In the Identity list, select the corresponding identity.

  6. Click Save.

Related topics

Managing system entitlement memberships

As soon as a system entitlement has been assigned to an identity using a corresponding user account, the identity becomes a member in the system entitlement.

Detailed information about this topic

Displaying system entitlement memberships

You can display which identities are assigned to certain system entitlements.

To display memberships

  1. In the menu bar click Data administration > Data Explorer.

  2. In the Data Explorer navigation, click System entitlements.

  3. In the list, click the system entitlement whose memberships you want to display.

  4. In the Edit System Entitlement pane, click the Memberships tab.

  5. (Optional) To display all memberships exist directly in the selected system entitlement, click Direct memberships.

  6. (Optional) To display all memberships created by inheritance from child system entitlements, click Inherited memberships.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级