立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Requesting change of manager for an employee

Managers can edit main data of their employees in the Web Portal. In the same context, it is possible to define a new manager for an employee. To do this, the previous manager requests assignment of another manager. If the other manager agrees to the assignment, they are assigned to the employee as manager.

Prerequisites

The following objects are made available in the One Identity Manager database by default:

Table 55: Default objects for the change of manager

Objects

Description

New manager assignment multi-request resource

Is used to request the other manager in the IT Shop. The product is canceled the moment the new manager has been assigned.

The New manager assignment service item is assigned.

New manager assignment service item

Product that is ordered when another manager is assigned.

The New manager assignment approval policy is assigned.

Identity & Access Lifecycle | Identity Lifecycle IT Shop structure

The service item is assigned by default to the Identity Lifecycle shelf in the Identity & Access Lifecycle shop.

New manager assignment approval policy

This specifies the approval workflow by which the change of manager is approved.

It is assigned to the approval workflow, New manager assignment.

New manager assignment approval workflow

This determines the other manager as an approver.

If this is denied, the request is returned to the previous manager.

VI_ESS_PersonWantsOrg_Set_New_Person.Manager process

Allocates the other manager to the identity as manager as soon as the change of manager was approved and the validity period of the request is reached.

Procedure for changing managers
  1. The previous manager edits the main data of the employee the other manager is going to take on. They select an identity as manager and specify a date from which the changes take effect.

    Table 56: Changes that are requested

    Property

    Description

    New manager

    Identity to be assigned as a new manager for the employee.

    Effective date

    The date on which the change takes effect.

    Changes to be run after approval is granted

    Changes that should be run after approval has been granted and the new manager has been assigned, for example, deleting user accounts or removing memberships in system entitlements.

    The previous manager can decide which of the changes listed should be run.

  2. A request with the following properties is triggered.

    Table 57: Properties of the manager change request

    Property

    Description

    Requester

    Previous manager.

    Recipient

    Employee.

    Additional request data

    New manager.

    Approver

    New manager.

    Valid from

    The date on which the change takes effect.

    Additional data

    Additional changes to be run.

  3. The request is assigned for approval to the new manager, who can also specify what other changes should be made after the manager has been replaced.

    1. If the manager denies approval, the request is returned to the previous manager.

      This manager can select another manager and approve the request. The request is assigned to this other manager for approval.

      The previous manager can deny request approval. The change of manager is closed. The employee’s manager is not changed.

    2. If the new manager grants approval to the request, they are assigned as manager to the identity from the validity date of the request. All selected additional changes are also run on the validity date.

  4. Product is unsubscribed. The request is closed.

For more information about assigning a new manager, see the One Identity Manager Web Designer Web Portal User Guide.

Canceling requests

Request recipients, requesters, and the members of the chief approval team can cancel requests that have not already be approved in the Web Portal. The approval process is canceled immediately. The request is given the Canceled status.

For more information about canceling processes in the Web Portal, see the One Identity Manager Web Designer Web Portal User Guide.

To cancel a request in the Manager

  1. In the Manager, select the IT Shop > Requests > Pending requests > <filter> > <request> category.

  2. Select a request procedure in the result list.

  3. Click Cancel request.

  4. Confirm the security prompt with Yes.
  5. Click OK.

Unsubscribe products

Assigned products that are no longer needed can be unsubscribed. Each request undergoes an approval process. If an unsubscription workflow is stored with the approval policy, unsubscription is approved or denied by an approver. If there is no unsubscription workflow given, unsubscription is approved immediately.

If the request's Valid until date has already expired and unsubscription is likely to be denied, the approver must enter a new Valid until date.

Request recipients can be notified if a request is unsubscribed by another identity.

Related topics

Notifications in the request process

In a request process, various email notifications can be sent to requesters and approvers. The notification procedure uses mail templates to create notifications. The mail text in a mail template is defined in several languages. This ensures that the language of the recipient is taken into account when the email is generated. Mail templates are supplied in the default installation with which you can configure the notification procedure.

Messages are not sent to the chief approval team by default. Fallback approvers are only notified if not enough approvers could be found for an approval step.

To use email notifications

  1. Ensure that the email notification system is configured in One Identity Manager. For more information, see the One Identity Manager Installation Guide.

  2. In the Designer, set the QER | ITShop | DefaultSenderAddress configuration parameter and enter the sender address used to send the email notifications.

  3. Ensure that all identities have a default email address. Notifications are sent to this address. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  4. Ensure that a language can be determined for all identities. Only then can they receive email notifications in their own language. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  5. Configure the notification procedure.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级