立即与支持人员聊天
与支持团队交流

Identity Manager On Demand - Starling Edition Hosted - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Bulk delegation errors

You have the option to delegate all your responsibilities to an identity in the Web Portal. If you have a lot of responsibilities, it is possible that not all the delegations are carried out. A delegator can send a notification to themselves if an error occurs.

Probable reason

An error occurred processing delegations. VI_ITShop_Person Mass Delegate was stopped, although only a fraction of the delegations has been applied.

Solution
  1. Configure the notification procedure.

  2. Run all remaining delegations again in the Web Portal.

Related topics

Process monitoring for requests

For more information about process monitoring in One Identity Manager, see the One Identity Manager Configuration Guide.

To configure process monitoring for requests

  1. In the Designer, check whether the Common | ProcessState configuration parameter is set. If not, set the configuration parameter.

    If this configuration parameter is set, a process monitoring entry (DialogProcess table) is created when the request is created.

  2. In the Designer, check the Common | ProcessState | UseGenProcIDFromPWO configuration parameter.

    If this configuration parameter is set, the GenProcID of an IT Shop request is retained for the entirety of the approval process.

    If the configuration parameter is not set, a new GenProcID is used for each approval decision.

  3. In the Designer, check the QER | ITShop | GenProcIDBehavior configuration parameter

    Set the configuration parameter and use the value to specify how many GenProcIDs should be generated for a shopping cart's requests.

    • MultiID: Generates a new GenProcID for each shopping cart request.
    • SingleID: Generates one GenProcID for the entire shopping cart. All requests created through the shopping cart are given the same GenProcID.

    If the configuration parameter is not set, a separate GenProcID is generated for each shopping cart request.

Configuration parameters for the IT Shop

Additional configuration parameters for the IT Shop are available in One Identity Manager. The following table contains a summary of all applicable configuration parameters for the IT Shop.

Table 82: Overview of configuration parameters

Configuration parameter

Description

QER | ITShop

Preprocessor relevant configuration parameter to control the component parts for the IT Shop. If the parameter is set, the IT Shop components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ITShop | AutoCloseInactivePerson

This configuration parameter defines whether identities are removed from all customer nodes when they are permanently disabled.

QER | ITShop | AutoDecision

This configuration parameter controls automatic approval of IT Shop requests over several approval levels.

QER | ITShop | AutoPublish

General configuration parameter that defines automatic assignment of system entitlements to the IT Shop.

QER | ITShop | AutoPublish | AADDeniedServicePlan

Preprocessor relevant configuration parameter for automatically adding Azure Active Directory service plans to the IT Shop. If the parameter is set, all service plans are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Azure Active Directory Module

QER | ITShop | AutoPublish | AADDeniedServicePlan | ExcludeList

List of all Azure Active Directory service plans that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

QER | ITShop | AutoPublish | AADGroup

Preprocessor relevant configuration parameter for automatically adding Azure Active Directory groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Azure Active Directory Module

QER | ITShop | AutoPublish | AADGroup | ExcludeList

List of all Azure Active Directory groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example:

.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS

QER | ITShop | AutoPublish | AADSubSku

Preprocessor relevant configuration parameter for automatically adding Azure Active Directory subscriptions to the IT Shop. If the parameter is set, all subscriptions are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Azure Active Directory Module

QER | ITShop | AutoPublish | AADSubSku | ExcludeList

List of all Azure Active Directory subscriptions that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

QER | ITShop | AutoPublish | ADSGroup

Preprocessor relevant configuration parameter for automatically adding Active Directory groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in modules: Active Directory Module, Active Roles Module

QER | ITShop | AutoPublish | ADSGroup | ExcludeList

List of all Active Directory groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example:

.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS

QER | ITShop | AutoPublish | ADSGroup | AutoFillDisplayName

The configuration parameter specifies whether the template should be applied to the ADSGroup.DisplayName column.

QER | ITShop | AutoPublish | O3EDL

Preprocessor relevant configuration parameter for automatically adding Exchange Online mail-enabled distribution groups to the IT Shop. If the parameter is set, all distribution groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Exchange Online Module

QER | ITShop | AutoPublish | O3EDL | ExcludeList

List of all Exchange Online mail-enabled distribution groups that must not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example:

.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS

QER | ITShop | AutoPublish | O3EUnifiedGroup

Preprocessor relevant configuration parameter for automatically adding Office 365 groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Exchange Online Module

QER | ITShop | AutoPublish | O3EUnifiedGroup | ExcludeList

List of all Office 365 groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

QER | ITShop | AutoPublish | O3TTeam

Preprocessor relevant configuration parameter for automatically adding Microsoft Teams teams to the IT Shop. If the parameter is set, all teams are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Microsoft Teams Module

QER | ITShop | AutoPublish | O3TTeam | ExcludeList

List of all Microsoft Teams teams that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

QER | ITShop | AutoPublish | PAGUsrGroup

Preprocessor relevant configuration parameter for automatically adding PAM user groups to the IT Shop. If the parameter is set, all user groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Privileged Account Governance Module

QER | ITShop | AutoPublish | PAGUsrGroup | ExcludeList

List of all PAM user groups that are not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example: .*Administrator.*|.*Admins|.*Operators

QER | ITShop | AutoPublish | SPSGroup

Preprocessor relevant configuration parameter for automatically adding SharePoint groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: SharePoint Module

QER | ITShop | AutoPublish | SPSGroup | ExcludeList

List of all SharePoint groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example:

.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS

QER | ITShop | AutoPublish | OLGRole

Preprocessor relevant configuration parameter for automatically adding OneLogin roles to the IT Shop. If the parameter is set, all roles are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: OneLogin

QER | ITShop | AutoPublish | OLGRole| ExcludeList

List of all OneLogin roles that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.

Example:

.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS

QER | ITShop | ChallengeRoleRemoval

General configuration parameter for dealing with role assignments that are modified by data import. Removal of role memberships can be challenged with the help of temporary requests.

QER | ITShop | ChallengeRoleRemoval | DaysOfValidity

This configuration parameter contains the validity period (in days) of temporary requests for challenged role memberships.

QER | ITShop | ChallengeRoleRemoval | Department

Temporary requests of department memberships are supported.

QER | ITShop | ChallengeRoleRemoval | Department | Primary

Temporary membership of the previous department is requested if changes are made to the primary membership in departments.

QER | ITShop | ChallengeRoleRemoval | ITShopOrg

This configuration parameter contains the product node that is assigned to the requested assignment resource.

QER | ITShop | ChallengeRoleRemoval | Locality

Temporary requests of location memberships are supported.

QER | ITShop | ChallengeRoleRemoval | Locality |
Primary

Temporary membership of the previous location is requested if changes are made to the primary membership in locations.

QER | ITShop | ChallengeRoleRemoval | Org

Temporary requests of business role memberships are supported.

QER | ITShop | ChallengeRoleRemoval | Org | Primary

Temporary membership of the previous business role is requested if changes are made to the primary membership in business roles.

QER | ITShop | ChallengeRoleRemoval | ProfitCenter

Temporary requests of cost center memberships are supported.

QER | ITShop | ChallengeRoleRemoval | ProfitCenter | Primary

Temporary membership of the previous cost center is requested if changes are made to the primary membership in cost centers.

QER | ITShop | DecisionOnInsert

This configuration parameter controls approval of a request the moment is it added.

QER | ITShop | DefaultSenderAddress

Sender's default email address for sending automatically generated notifications about requests. Replace the default address with a valid email address.

Syntax:

sender@example.com

Example:

NoReply@company.com

You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).

Example:

One Identity <NoReply@company.com>

QER | ITShop | Delegation

Preprocessor relevant configuration parameter for controlling model components for delegation and role membership. Changes to the parameter require recompiling the database. If the parameter is set, delegation components are available.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ITShop | DeleteClosed

This configuration parameter specifies whether closed requests are deleted.

QER | ITShop | DeleteClosed | Aborted

This configuration parameter specifies the maximum retention time (in days) of canceled requests.

QER | ITShop | DeleteClosed | Dismissed

This configuration parameter specifies the maximum retention time (in days) of denied requests.

QER | ITShop | DeleteClosed | Unsubscribed

This configuration parameter specifies the maximum retention time (in days) of canceled requests.

QER | ITShop | ExceededValidUntilUnsubscribe

The configuration parameter specifies whether requests of limited validity are unsubscribed or canceled once their limit is exceeded. If the parameter is set and the request has the status Assigned or Renewal, the request is unsubscribed if not other request exist for the product that is currently in effect. Expired requests with the status Unsubscription and Unsubscribed are no longer taken into account. Expired requests with the status approved, pending, request are canceled. If the parameter is not set, the request will be canceled in any case.

QER | ITShop | GapBehavior

Defines behavior when checking the validity period of new requests.

QER | ITShop | GapBehavior | GapDefinition

This configuration parameter specifies which requests are checked.

QER | ITShop | GapBehavior | GapFitting

This configuration parameter specifies whether validity periods of two or more pending requests can overlap.

QER | ITShop | GenProcIDBehavior

This configuration parameter specifies how many GenProcIDs should be generated for a shopping cart's requests. If the configuration parameter is not set, a separate GenProcID is generated for each shopping cart request.

QER | ITShop | LimitOfNodeCheck

Maximum number of product nodes that can be generated or deleted by a DBQueue Processor run. Once this number is exceeded, a task for generating the rest of the nodes is queued in the DBQueue.

QER | ITShop | MailApproval | Account

Name of the user account for authenticating the mailbox used for approval by mail.

QER | ITShop | MailApproval | AppID

Exchange Online application ID for authentication with OAuth 2.0. If the value is not set, the Basic or the NTML authentication method is used.

QER | ITShop | MailApproval | DeleteMode

Specifies the way emails are deleted from the inbox.

QER | ITShop | MailApproval | Domain

Domain of the user account for authenticating the mailbox used for approval by mail.

QER | ITShop | MailApproval | ExchangeURI

URL of the Microsoft Exchange web service for accessing the mailbox. If this is not given, AutoDiscover mode is used to detect the URL.

QER | ITShop | MailApproval | Inbox

Microsoft Exchange mailbox to which approvals by mail are sent.

QER | ITShop | MailApproval | Password

Password of the user account for authenticating the mailbox used for approval by mail.

QER | ITShop | MailTemplateIdents | AnswerToApprover

This mail template is used to send a notification with an answer to a question from an approver.

QER | ITShop | MailTemplateIdents | InformAddingPerson

This mail template is used to notify approvers that an approval decision has been made for the step they added.

QER | ITShop | MailTemplateIdents | InformDelegatingPerson

This mail template is used to notify approvers that an approval decision has been made for the step they delegated.

QER | ITShop | MailTemplateIdents | ITShopApproval

Mail template used for requests made through "Approval by mail".

QER | ITShop | MailTemplateIdents | QueryFromApprover

This mail template is used to send a notification with a question from an approver to an identity.

QER | ITShop | MailTemplateIdents | RequestApproverByCollection

This mail template is used for generating an email when there are pending requests for an approver. If this configuration parameter is not set, a "Mail template request" or "Mail template reminder" for single approval steps can be entered to send an email for each request. If this configuration parameter is set, single mails are not sent.

QER | ITShop | OnWorkflowAssign

This configuration parameter specifies how pending orders are handled when an approval, change, or cancellation workflow is reassigned to the approval policy.

QER | ITShop | OnWorkflowUpdate

This configuration parameter specifies how pending orders are handled when the approval workflow is changed.

QER | ITShop | PeerGroupAnalysis

This configuration parameter allows automatic approval of requests by peer group analysis.

QER | ITShop | PeerGroupAnalysis | ApprovalThreshold

This configuration parameter defines a threshold for peer group analysis between 0 and 1. The default value is 0.9.

QER | ITShop | PeerGroupAnalysis | CheckCrossfunctionalAssignment

This configuration parameter specifies whether functional areas should be take into account in peer group analysis. If the parameter is set, the request is only approved if the request's recipient and the requested product belong to the same functional area.

QER | ITShop | PeerGroupAnalysis | IncludeManager

This configuration parameter specifies whether identities can be added to the peer group who have the same manager as the request's recipient.

QER | ITShop | PeerGroupAnalysis | IncludePrimaryDepartment

This configuration parameter determines whether identities that are primary members of the primary department of the request's recipient are included in the peer group.

QER | ITShop | PeerGroupAnalysis | IncludeSecondaryDepartment

This configuration parameter determines whether identities that are a secondary members of the primary or secondary department of the request's recipient are included in the peer group.

QER | ITShop | PersonInsertedNoDecide

This configuration parameter specifies whether the identity that triggered the request may approve it.

QER | ITShop | PersonOrderedNoDecide

This configuration parameter specifies whether the identity for whom the request was triggered, may approve it.

QER | ITShop | PersonInsertedNoDecideCompliance

This configuration parameter specifies whether the identity that initiated the request can issue exception if compliance rules are violated by the request.

QER | ITShop | PersonOrderedNoDecideCompliance

This configuration parameter specifies whether the identity for whom the request was initiated can issue exception if compliance rules are violated by the request.

QER | ITShop | Recommendation

Threshold values for approval recommendations are defined under this configuration parameter.

QER | ITShop | Recommendation | ApprovalRateThreshold

This configuration parameter specifies the threshold for the approval rate. The approval rate determines the proportion of approvals for this product in previous requests that were decided with the same approval procedure. The lower the threshold, the more likely granting approval will be recommended.

QER | ITShop | Recommendation | PeerGroupThreshold

This configuration parameter specifies the threshold for the peer group factor. The peer group factor determines the proportion of identities in the peer group who already own the product. The lower the threshold, the more likely granting approval will be recommended.

QER | ITShop | Recommendation | RiskIndexThreshold

This configuration parameter specifies the threshold for the risk index of the request's recipient. The current request is already taken into account. The higher the threshold, the more likely granting approval will be recommended.

QER | ITShop | ReducedApproverCalculation

This configuration parameter specifies, which approval steps are recalculated if the IT Shop approver must be recalculated.

QER | ITShop | ReplaceAssignmentRequestOnLeaveCU

If an identity leaves a customer node, all assigned requests are canceled and assignment requests are converted to direct assignments. If this parameter is set, then assignment requests can be transferred to the manager or central approver group, and to the UID_PersonFallback if necessary. (Note: These identities must have approval authorization for this assignment).

QER | ITShop | ReplaceAssignmentRequestOnLeaveCU | UID_PersonFallback

UID_Person is an identity that is set as the fallback if no other request recipient can be found for an assignment request. This identity must be a customer in all shops in which assignments can be requested.

QER | ITShop | ReuseDecision

This configuration parameter specifies if approval granted by one approver to all approval steps of an approval process is transferred. If the parameter is set, the current step is approved if an approval step is reached in the approval process for which an identity with approval authorization has already granted approval. If the parameter is not set, the approver must separately approve each step for which they have approval authorization. If approval has not been granted, it is not transferred.

QER | ITShop | ShoppingCartPattern

This configuration parameter specifies whether product bundles can be used in the IT Shop.

QER | ITShop | ShoppingCartPattern | AutoQualified

This configuration parameter specifies whether public product bundles are automatically labeled as "shared" or whether they have to be manually shared by a manager.

QER | ITShop | ShowClosedAssignmentOrders

This configuration parameter specifies whether the manager of an organization or business role can view completed assignment requests for their organization or business role.

If this parameter is not set, the manager can only view open assignment requests for their organization or business role.

QER | ITShop | Templates

Preprocessor relevant configuration parameter for controlling the database model components for the Shelf Filling Wizard. Changes to the parameter require recompiling the database. Shelf templates can be used. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ITShop | Templates | DeleteRecursive

This configuration parameter specifies whether the recursive deletion is allowed from shelf templates. This configuration parameter is disabled by default.

QER | ComplianceCheck | DisableSelfExceptionGranting

Excludes rule violators from becoming exception approvers. If this parameter is set, no one can approve their own rule violations.

QER | ComplianceCheck | EnableITSettingsForRule

IT Shop properties for the compliance rule are visible and can be edited.

QER | Person | Starling

Specifies whether connecting to the One Identity Starling cloud platform is supported.

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to One Identity Starling. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit cloud.oneidentity.com.

QER | Person | Starling | ApiEndpoint

Token endpoint for logging in to One Identity Starling The value is determined by the Starling configuration wizard.

QER | Person | Starling | ApiKey

Credential string for logging in to One Identity Starling. The value is determined by the Starling configuration wizard.

QER | Person | Starling | UseApprovalAnywhere

This configuration parameter defines whether requests and attestation cases can be approved by adaptive cards.

QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire

This configuration parameter specifies the time in seconds by which the adaptive card must be answered.

QER | WebPortal

General configuration parameter for Web Portal settings.

QER | WebPortal | BaseURL

API Server URL. This address is used in mail templates to add hyperlinks to the Web Portal.

QER | WebPortal | DisplayName

This configuration parameter contains the display name of the Web Portal. This name is used in mail templates.

QER | WebPortal | PasswordResetURL

Password Reset Portal URL. This address is used to navigate within the Web Portal.

QER | WebPortal | PersonChangeWorkdesk

This configuration parameter specifies whether Web Portal users can change their default workdesk. If the configuration parameter is set, users can relocate their workdesk through the Web Portal.

QER | WebPortal | ShowProductImages

This configuration parameter specifies whether pictures of products are displayed in the Web Portal.

Hardware | Workdesk | WorkdeskAutoPerson

If this configuration parameter is set, creating a workdesk automatically creates an associated identity. This identity can be used to make requests for this workstation.

Some general configuration parameters are also relevant for the IT Shop.

Table 83: Additional configuration parameters

Configuration parameter

Description

Common | MailNotification | Signature

Data for the signature in email automatically generated from mail templates.

Common | MailNotification | Signature | Caption

Signature under the salutation.

Common | MailNotification | Signature | Company

Company name.

Common | MailNotification | Signature | Link

Link to the company's website.

Common | MailNotification | Signature | LinkDisplay

Display text for the link to the company's website.

Common | ProcessState

If this configuration parameter is set, a process monitoring entry (DialogProcess table) is created when the request is created.

Common | ProcessState | PropertyLog

When this configuration parameter is set, changes to individual values are logged and shown in the process view. Changes to the parameter require recompiling the database.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Common | ProcessState | UseGenProcIDFromPWO

If this configuration parameter is set, the GenProcID of an IT Shop request is retained for the entirety of the approval process. If the configuration parameter is not set, a new GenProcID is used for each approval decision.

TargetSystem | ADS | ARS_SSM

Preprocessor relevant configuration parameter for controlling the database model components for Active Roles Self-Service Management in the One Identity Manager IT Shop. If the parameter is set, Self-Service Management components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

In effect in module: Active Roles Module

Request statuses

The following table gives an overview of all statuses a request can have.

Table 84: Request statuses

Status
(technical name)

Description

New
(New)

A product was requested. The request was added in the database.

Request
(OrderProduct)

The request is currently in the approval process. An approval decision has not yet been reached.

Approved
(Granted)

The approval process is complete. The request is granted approval.

Pending
(Waiting)

The request is granted approval. A valid from date was given in the request. This date has not been reached yet.

Assigned
(Assigned)

The request was granted approval and assigned.

Renewal
(OrderProlongate)

The request with limited validity was assigned. A renewal has been applied for and is in the approval process. An approval decision has not yet been reached.

Unsubscription
(OrderUnsubscribe)

This product was canceled. The cancellation is currently in the approval process. An approval decision has not yet been reached.

Unsubscribed
(Unsubscribed)

The approval process is complete. The cancellation was granted approval.

Denied
(Dismissed)

The approval process is complete. The request was denied.

Canceled
(Aborted)

The request was canceled by a user or for technical reasons.

Table 85: Status summary

Pending requests

Requests with the status request, renewal, canceled.

Approved requests

Requests with the status approved, pending, assigned, renewal, canceled.

Assigned requests

Requests with the status assigned, renewal, canceled.

Closed requests

Requested with the status unsubscribed, denied, canceled.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级