立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Determining effective approval policies

You can apply approval policies to different IT Shop structures and service items. If you have multiple approval policies within your IT Shop, which policy is to be used is based on which rules are specified.

Effective approval policies are defined by the following steps: If no approval policy is found in a step, the next one is checked. The following objects are checked in the following sequence:

  1. The requested service item

  2. The service category to which this service item is assigned

  3. Parent service category

  4. The shelf used for requesting the service item

  5. The shop where the shelf is located

  6. The shopping center where the shop is located

Multiple approval policies can also be identified in this way.

An approval policy found by one of these methods is applied under the following conditions:

  • The approval policy is not assigned a role type.

    - OR -

  • The assigned role type corresponds to the shelf role type.

If more than one effective approval policies are identified by the rules, the effective approval policy is determined by the following criteria (in the given order).

  1. The approval policy has the highest priority (alphanumeric sequence).

  2. The approval policy has the lowest number of approval steps.

  3. The first approval policy found is taken.

Furthermore:

  • If no approval policy can be found for a product, a request cannot be started.

    The same applies for renewals and unsubscriptions.

  • If no approver can be determined for one level of an approval policy, the request can be neither approved nor denied.

    • Pending requests are rejected and closed.

    • Unsubscriptions cannot be approved. Therefore, unsubscribed products remain assigned.

    • Renewals cannot be approved. Therefore, products for renewal remain assigned until the valid until date is reached.

NOTE: If an approval workflow for pending requests changes, you must decide how to proceed with these requests. Configuration parameters are used to define the desired procedure.

For more information, see Changing approval workflows of pending requests.

Related topics

Approvers for renewals

Once the currently effective approval policy has been identified, the actual approvers are determined by the approval workflow specified by it. When requests are renewed, a renewal workflow is run. If no renewal workflow is stored with the approval policy, approvers are determined by the approval workflow.

If no approvers can be identified for a renewal, then the renewal is denied. The product remains assigned only until the Valid until date. The request is then canceled and the assignment is removed.

Related topics

Approvers for unsubscriptions

Once the currently effective approval policy has been identified, the actual approvers are determined by the approval workflow specified by it. When a product is unsubscribed, the cancellation workflow runs. If no unsubscribe workflow is stored with the approval policy, approvers are determined by the approval workflow.

If no approvers can be determined for an unsubscription, then the unsubscription is denied. The product remains assigned.

Related topics

Selecting responsible approvers

One Identity Manager can make approvals automatically in an approval process or through approvers. An approver is an identity or a group of identities who can grant or deny approval for a request (renewal or cancellation) within an approval process. It takes several approval procedures to grant or deny approval. You specify in the approval step which approval procedure should be used.

If several people are determined to be approvers by an approval procedure, the number given in the approval step specifies how many people must approve the step. Only then is the request presented to the approvers in the next approval level. The request is canceled if an approver cannot be found for an approval step.

One Identity Manager provides approval procedures by default. You can also define your own approval procedures.

The DBQueue Processor calculates which identity is authorized as an approver and in which approval level. The calculation is triggered by the IT Shop approver schedule. Take into account the special cases for each approval procedure when setting up the approval workflows to determine those authorized to grant approval.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级