立即与支持人员聊天
与支持团队交流

Identity Manager On Demand - Starling Edition Hosted - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Sequence for limited requests

A recipient keeps a product on the shelf up to a specific point in time when they unsubscribe the products again. Sometimes, however, products are only required for a certain length of time and can be canceled automatically. The recipient is notified by email before the expiry date is reached and has the option to renew the request.

To set up the notification procedure

  1. In the Designer, set the QER | ITShop | ValidityWarning configuration parameter and enter the warning period (in days) for expiring requests.

  2. In the Designer, configure and activate the Reminder for IT Shop requests that expire soon schedule.

  3. Enter the following data for the approval policy:

    • Mail template expired: Select the mail template to be used for the email notification. The default installation provides the IT Shop request - product expires and IT Shop request - expired mail templates.

  4. Save the changes.
Related topics

Approving or denying request approval

When a request is granted approval or denied, the request recipient is notified by email. Notification may occur after approval or denial of a single approval step or once the entire approval process is complete. Requests can be automatically granted or denied approval once a specified time period has expired. The recipient is notified in the same way in this case.

To set up the notification procedure

  • If notification should be sent immediately after an approval decision is made for a single approval step, enter the following data on the Mail templates tab of the approval step.

    • Mail template approved: IT Shop request - approval granted for approval step

    • Mail template denied: IT Shop request - approval not granted for approval step

  • Enter the following data in the approval policy when notification should immediately follow the approval decision of the entire approval process:

    • Mail template approved: IT Shop request - approval granted

    • Mail template denied: IT Shop request - approval not granted

Related topics

Notifying delegates

If required, a delegator can receive notifications if the deputy or recipient of the single delegation has made a request in the IT Shop. Notification is sent once an identity has been determined as an approver on the basis of a delegation and has made an approval decision for the request.

To send notification when the identity who was delegated an approval approves or denies the request

  • In the Designer, set the QER | ITShop | Delegation | MailTemplateIdents | InformDelegatorAboutDecisionITShop configuration parameter.

    By default, a notification is sent with the Delegation - inform delegator about decided request mail template.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

Delegations are taken into account in the following default approval procedures.

Table 58: Delegation relevant default approval procedures

Delegation of

Approval procedure

Department responsibilities

D0, D1, D2, DM, DP, MS

Cost center responsibilities

P0, P1, P2, PM, PP, MS

Location responsibilities

MS

Business role responsibilities

OM, MS

Identity responsibilities

CM

IT Shop structure responsibilities

H0, H1, H2

Memberships in business roles

OR

Memberships in application roles

DI, DR, ID, IL, IO, IP, OA, OC, OH, PI, PR, RD, RL, RO, RP, TO

Example

Jan User3 is responsible for the R1 business role. They delegate their responsibility for the business role to Jo User1. Jo User1 is themselves responsible for R2 business role.

A member of the R1 business role requests a product in the IT Shop. In the approval process, Jan User3 is established as an approver through the OM - Manager of a specific role approval procedure. The request is assigned to Jo User1 for approval through delegation. Jan User3 is notified about the request as soon as Jo User1 has made their approval decision.

A member of the R2 business role requests a product in the IT Shop. In the approval process, Jo User1 is established as the approver through the OM - Manager of a specific role approval procedure. No notification is sent because Jo User1 does not make the approval decision due to delegation.

Bulk delegation

You have the option to delegate all your responsibilities to an identity in the Web Portal. If you have a lot of responsibilities, it is possible that not all the delegations are carried out. A delegator can send a notification to themselves if an error occurs.

Detailed information about this topic
Related topics

Canceling requests

Requests can be automatically canceled for various reasons, for example, when a specified time period has expired or if no approver can be found. The request recipient is notified.

To set up the notification procedure

  • In the approval policy, on the Mail templates tab, enter the following data.

    Mail template stopped: IT Shop request - canceled

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级