立即与支持人员聊天
与支持团队交流

Identity Manager 9.1.1 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Default approval workflows

One Identity Manager provides approval workflows by default. These approval workflows are used in the Identity & Access Lifecycle shop approval processes. Each default approval workflow is linked to a default approval policy. You can edit different properties of the approval step, for example, to configure notifications in the request process.

To edit default approval workflows

  • In the Manager, select the IT Shop > Basic configuration data > Approval workflows > Predefined category.

Determining effective approval policies

You can apply approval policies to different IT Shop structures and service items. If you have multiple approval policies within your IT Shop, which policy is to be used is based on which rules are specified.

Effective approval policies are defined by the following steps: If no approval policy is found in a step, the next one is checked. The following objects are checked in the following sequence:

  1. The requested service item

  2. The service category to which this service item is assigned

  3. Parent service category

  4. The shelf used for requesting the service item

  5. The shop where the shelf is located

  6. The shopping center where the shop is located

Multiple approval policies can also be identified in this way.

An approval policy found by one of these methods is applied under the following conditions:

  • The approval policy is not assigned a role type.

    - OR -

  • The assigned role type corresponds to the shelf role type.

If more than one effective approval policies are identified by the rules, the effective approval policy is determined by the following criteria (in the given order).

  1. The approval policy has the highest priority (alphanumeric sequence).

  2. The approval policy has the lowest number of approval steps.

  3. The first approval policy found is taken.

Furthermore:

  • If no approval policy can be found for a product, a request cannot be started.

    The same applies for renewals and unsubscriptions.

  • If no approver can be determined for one level of an approval policy, the request can be neither approved nor denied.

    • Pending requests are rejected and closed.

    • Unsubscriptions cannot be approved. Therefore, unsubscribed products remain assigned.

    • Renewals cannot be approved. Therefore, products for renewal remain assigned until the valid until date is reached.

NOTE: If an approval workflow for pending requests changes, you must decide how to proceed with these requests. Configuration parameters are used to define the desired procedure.

For more information, see Changing approval workflows of pending requests.

Related topics

Approvers for renewals

Once the currently effective approval policy has been identified, the actual approvers are determined by the approval workflow specified by it. When requests are renewed, a renewal workflow is run. If no renewal workflow is stored with the approval policy, approvers are determined by the approval workflow.

If no approvers can be identified for a renewal, then the renewal is denied. The product remains assigned only until the Valid until date. The request is then canceled and the assignment is removed.

Related topics

Approvers for unsubscriptions

Once the currently effective approval policy has been identified, the actual approvers are determined by the approval workflow specified by it. When a product is unsubscribed, the cancellation workflow runs. If no unsubscribe workflow is stored with the approval policy, approvers are determined by the approval workflow.

If no approvers can be determined for an unsubscription, then the unsubscription is denied. The product remains assigned.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级