立即与支持人员聊天
与支持团队交流

Identity Manager 9.1.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Deleting request templates

To delete a request template

  1. In the Manager, select the IT Shop > Request templates category.

  2. Select a request template in the result list.

  3. Click in the result list.

NOTE: Every owner can delete his own request templates in the Web Portal. One Identity Manager users with the Request & Fulfillment | IT Shop | Administrators application role can delete the request templates of all owners.

Recommendations and tips for transporting IT Shop components with the Database Transporter

For more information about working with change labels and about transporting changes with the Database Transporter, see the One Identity Manager Operational Guide.

To transport IT Shop components with the Database Transporter, take the following into account:

  • In one transport package, only include a maximum of one shop with shelves and customer nodes including the dynamic roles and, if necessary, associated approval policies.

  • You should not transport products that reference target system entitlements. Target system entitlements are loaded into the database by synchronization and obtain different UIDs in different databases. This means that references to these entitlements do not match up in the products.

  • Approval policies, approval workflows, approval steps, and approval procedures should be transported together. If necessary, mail templates and mail definitions must be transported as well.

  • If IT Shop components reference application or business roles, they must also be transported along with their child roles.

  • Transport translations if required.

  • If you want to group several objects and dependencies and other changes into a transport package, work with change labels where possible. In the Database Transporter, you can export change labels to a transport package. You can import the transport package with the Database Transporter.

  • Alternatively, you can transport a single object with its dependencies by creating an export in transport format. Then you can import the export with the Database Transporter.

Troubleshooting errors in the IT Shop

Timeout on saving requests

If new requests are saved in bulk in the database a timeout may occur, after importing data, for example.

Probable reason

By default, the approvers responsible are determined during saving. This delays the saving process. No more actions can take place in One Identity Manager until all requests are saved and, therefore, all approvers have been found. Depending on the system configuration, this may cause a timeout to occur when large amounts of data are being processed.

Solution
  • In the Designer, disable the QER | ITShop | DecisionOnInsert configuration parameter.

Effect
  • The requests are saved and a calculation task for determining approvers is queued in the DBQueue. Approvers responsible are determined outside the save process.

  • If the requester is also the approver, the approval step is not automatically granted approval. Approvers must explicitly approve their own requests. For more information, see Automatically approving requests.

  • Automatic approval decisions are also met if necessary, but are delayed. This affects requests with self-service, for example.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级